Hi, I have this warning, which is new for my system, this morning in the rkhunter.log report.
The contents of /var/run/udev.pid are just 3219, which matches the udevd process: ps -ef |grep 3219 root 3219 1 0 Feb23 ? 00:00:00 /sbin/udevd /sbin/udevd reports as an ELF binary: sudo file /sbin/udevd /sbin/udevd: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped It looks to belong to the installed udevd package on my Gentoo system: equery b /sbin/udevd * Searching for /sbin/udevd ... sys-fs/eudev-3.2.5 (/sbin/udevd) Can I somehow safely whitelist this file in /etc/rkhunter.conf? I don't see any other PID files whitelisted so I'm hesitant to do this. If so, is there a special syntax for whitelisted a PID file as opposed to SCRIPTWHITELIST ? Any assistance would be greatly appreciated. Thanks.
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
