rkhunter error

Discussion in 'Server Operation' started by Tom John, Aug 22, 2021.

  1. Tom John

    Tom John Active Member HowtoForge Supporter

    Hi guys,
    i am running ubuntu20.04 with ispconfig 3
    i get the following error after installing rkhunter
    Code:
    Warning: Suspicious file types found in /dev:
             /dev/shm/rhm.c2a3f3edaa8d0b3ff673: None
             /dev/shm/rhm.102601f3844c655dbc61: None
             /dev/shm/rhm.2ff4b4cc0757f2f52ff9: None
             /dev/shm/rhm.7df2c93c5da981109ae5: None
             /dev/shm/rhm.3f2c195e92f8df7d088e: None
             /dev/shm/rhm.b8fc2b53c4af33de47d3: None
             /dev/shm/rhm.086ae52b5fa454f2aee3: None
             /dev/shm/rhm.a5db18ac3017788c32e2: None
             /dev/shm/rhm.4cd1d92b39e933f620ee: None
    
    
    when i add to rkhunter.conf
    Code:
    ALLOWHIDDENFILE= /dev/shm/rhm.4cd1d92b39e933f620ee: None
    or
    ALLOWHIDDENFILE= /dev/shm/rhm.4cd1d92b39e933f620ee
    or
    ALLOWHIDDENFILE= /dev/shm/rhm
    
    
    i still get the same error suspicious file types found.
    What am i doing wrong and do i have to worry about these files after install a fresh server?
    thanks a lot for your kind help
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    ALLOWHIDDENFILE is probably the wrong directive, those aren't hidden files. You need to use either a wildcard or directory based match, not specific file names. Search for the error and you'll find examples of how to configure rkhunter to ignore those if needed.
     
  3. Tom John

    Tom John Active Member HowtoForge Supporter

    Hi there,
    thanks a lot for your kind help i could find the solution with
    ALLOWDEVFILE=/dev/shm/rhm.c2a3f3edaa8d0b3ff673
     
  4. madmucho

    madmucho ISPConfig Developer ISPConfig Developer

    Better will be
    Code:
    ALLOWDEVFILE=/dev/shm/rhm*
     
  5. Tom John

    Tom John Active Member HowtoForge Supporter

    thanks a lot you are right ;)
     

Share This Page