[Rkhunter-users] whitelist podman processes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi everybody,

we are running a server on Oracle Linux 8 with rkhunter 1.4.6 and podman
to run some rootless containers.

Whenever rkhunter does his running_procs scan, we get a lot of warnings
containing commands (so I know which container is the cause) but no
pathnames - e.g.
[15:07:32]          Command: postgres
[15:07:32]            UID: xxxxx    PID: xxxxxx
[15:07:32]            Pathname:
[15:07:33]            Possible Rootkit: Spam tool component
I'd like to whitelist those, but RTKT_FILE_WHITELIST requires a full path.

What can I do to keep the running_procs scan without getting all those
false positives?

Thanks in advance
-- 
Simon Berchner