Re: [Rkhunter-users] Rkhunter catches cron jobs occasionally
Brought to you by:
dogsbody
From: <un...@hu...> - 2013-04-10 17:58:54
|
On Tue, 09 Apr 2013 18:26:55 +0200 "Nick Warr" <nic...@kr...> wrote: >[15:33:39] Info: Starting test name 'running_procs' >[15:33:40] Checking running processes for suspicious files [ Warning ] >[15:33:40] Warning: The following processes are using suspicious files: >[15:33:40] Command: crontab >[15:33:40] UID: 0 PID: 23315 >Is there a way I can whitelist the crontab process? I haven't been >able to find a definitive answer to how (besides disabling the >running_procs test obviously), would RTKT_FILE_WHITELIST help? Is there another >option in the conf I missed? Instead of blithely white listing things I'd rather check what trips 'running_procs' first. Could you please *attach* the log file (see /tmp) from running RKH with --debug to an email to me? Regards, unSpawn --- |