Hi everybody, we are running a server on Oracle Linux 8 with rkhunter 1.4.6 and podman to run some rootless containers.
Whenever rkhunter does its running_procs scan, we get a lot of warnings containing commands (so I know which container is the cause) but no pathnames - e.g.

[15:07:32] Command: postgres
[15:07:32] UID: xxxxx PID: xxxxxx
[15:07:32] Pathname:
[15:07:33] Possible Rootkit: Spam tool component

I'd like to whitelist those, but RTKT_FILE_WHITELIST requires a full path. What can I do to keep the running_procs scan without getting all those false positives?

Thanks in advance
--
Simon Berchner