Hi!

I have rootkit hunter running on one of my virtual machines. I'm getting a 
result of:

Info: Starting test name 'running_procs'
Checking running processes for suspicious files [ Warning ]
Warning: The following processes are using suspicious files:
Command: httpd.bin
UID: 0 PID: 1899
Pathname: /opt/redmine/apache2/bin/httpd.bin
Possible Rootkit: IRC bot

Yes, I'm using Redmine also for testing. And this is a false positive detection 
by rkhunter, right? Since it is being used by Redmine.
I want rkhunter to skip the path of /opt/redmine/apache2/bin/httpd.bin when my 
rkhunter script runs.
I already edit my rkhunter.conf and tried to put the path on EXISTWHITELIST, 
SCRIPTWHITELIST, and ALLOWIPCPROC sections but I still get the warning.

Cant find a reference on whitelisting a path that is located on /opt directory. 
What variable in the rkhunter.conf should I use for whitelisting the said path?
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to