Hi! I have rootkit hunter running on one of my virtual machines. I'm getting a result of:

    Info: Starting test name 'running_procs'
    Checking running processes for suspicious files [ Warning ]
    Warning: The following processes are using suspicious files:
        Command: httpd.bin
        UID: 0 PID: 1899
        Pathname: /opt/redmine/apache2/bin/httpd.bin
        Possible Rootkit: IRC bot

Yes, I'm also using Redmine for testing. And this is a false positive detection by rkhunter, right? Since it is being used by Redmine.

I want rkhunter to skip the path /opt/redmine/apache2/bin/httpd.bin when my rkhunter script runs. I already edited my rkhunter.conf and tried to put the path in the EXISTWHITELIST, SCRIPTWHITELIST, and ALLOWIPCPROC sections, but I still get the warning. I can't find a reference on whitelisting a path that is located in the /opt directory.

What variable in rkhunter.conf should I use for whitelisting the said path?

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users