Hi Al, the o.s. is Raspbian Stretch. What do you think? Can I ignore these warnings?
Cheers Il giorno mar 19 feb 2019 alle ore 10:05 Al Varnell <alvarn...@mac.com> ha scritto: > In order for anybody to respond to your statement "I think it can be > safely ignored." you need to tell us what OS you are running. > > The "ALLOWPROCDELFILE" statement must reference a file name, but you have > indicated a directory name. I would have to guess, since this is a tmp > directory, that the file names will continually changed so you will need to > use a wildcard indicator: > > ALLOWPROCDELFILE=/bin/dash:/tmp/* > ALLOWPROCDELFILE=/usr/sbin/cron:/tmp/* > ALLOWPROCDELFILE=/bin/run-parts/:tmp/* > > -Al- > macOS User > > On Feb 19, 2019, at 00:27, Marco Strullato <marco.strull...@gmail.com> > wrote: > > hi everyone, > > The execution of rkhunter in my system is triggered by the cron daily: > during the check some warning is raised, however I think it can be safely > ignored. > > This is the daily report: > Warning: The following processes are using deleted files: > Process: /usr/bin/influxd PID: 586 File: /usr/bin/influxd > Process: /usr/sbin/cron PID: 15569 File: /tmp/tmpfAxob2Y > Process: /bin/dash PID: 15577 File: /tmp/tmpfAxob2Y > Process: /bin/run-parts PID: 15580 File: /tmp/tmpfAxob2Y > In order to skip these checks, I added to the config: > > ALLOWPROCDELFILE=/bin/dash:/tmp > ALLOWPROCDELFILE=/usr/sbin/cron:/tmp > ALLOWPROCDELFILE=/bin/run-parts:/tmp > > The problem is that the exclusion I specify is ignored. > > I think the problem I'm encountering is a kind of know, however I can't > find a solution... Any idea? > > Thanks & Regards > > Marco > > -- Marco Strullato cell: +393288462393 skype: marco.strullato
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
