[Rkhunter-users] whitelist podman processes
From: Simon B. <sim...@do...> - 2021-05-20 22:20:31
Hi everybody,

we are running a server on Oracle Linux 8 with rkhunter 1.4.6 and podman to run some rootless containers. Whenever rkhunter does its running_procs scan, we get a lot of warnings containing commands (so I know which container is the cause) but no pathnames - e.g.

[15:07:32] Command: postgres
[15:07:32] UID: xxxxx PID: xxxxxx
[15:07:32] Pathname:
[15:07:33] Possible Rootkit: Spam tool component

I'd like to whitelist those, but RTKT_FILE_WHITELIST requires a full path. What can I do to keep the running_procs scan without getting all those false positives?

Thanks in advance

--
Simon Berchner