Re: [Rkhunter-users] rkhunter daily report

Wed, 20 Feb 2019 00:46:03 -0800 

As I noted I run macOS so you'll have to wait for a fellow Raspbian Stretch 
user to respond.

-Al-

> On Feb 20, 2019, at 00:20, Marco Strullato wrote:
> 
> Hi Al,
> the o.s. is Raspbian Stretch. What do you think? Can I ignore these warnings?
> 
> Cheers
> 
> Il giorno mar 19 feb 2019 alle ore 10:05 Al Varnell ha scritto:
> In order for anybody to respond to your statement "I think it can be safely 
> ignored." you need to tell us what OS you are running.
> 
> The "ALLOWPROCDELFILE" statement must reference a file name, but you have 
> indicated a directory name. I would have to guess, since this is a tmp 
> directory, that the file names will continually changed so you will need to 
> use a wildcard indicator:
> 
> ALLOWPROCDELFILE=/bin/dash:/tmp/*
> ALLOWPROCDELFILE=/usr/sbin/cron:/tmp/*
> ALLOWPROCDELFILE=/bin/run-parts/:tmp/*
> 
> -Al-
> macOS User
> 
>> On Feb 19, 2019, at 00:27, Marco Strullato  wrote:
>> 
>> hi everyone,
>> 
>> The execution of rkhunter in my system is triggered by the cron daily: 
>> during the check some warning is raised, however I think it can be safely 
>> ignored.
>> 
>> This is the daily report:
>> Warning: The following processes are using deleted files:
>>          Process: /usr/bin/influxd    PID: 586    File: /usr/bin/influxd
>>          Process: /usr/sbin/cron    PID: 15569    File: /tmp/tmpfAxob2Y
>>          Process: /bin/dash    PID: 15577    File: /tmp/tmpfAxob2Y
>>          Process: /bin/run-parts    PID: 15580    File: /tmp/tmpfAxob2Y
>> In order to skip these checks, I added to the config:
>> 
>> ALLOWPROCDELFILE=/bin/dash:/tmp
>> ALLOWPROCDELFILE=/usr/sbin/cron:/tmp
>> ALLOWPROCDELFILE=/bin/run-parts:/tmp
>> 
>> The problem is that the exclusion I specify is ignored.
>> 
>> I think the problem I'm encountering is a kind of know, however I can't find 
>> a solution... Any idea?
>> 
>> Thanks & Regards
>> 
>> Marco


-Al-
-- 
Al Varnell
Mountain View, CA

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users






















					Reply via email to