Hello all. The hosting company I work for has recently undergone preparation for PCI compliance. In doing so, we must scan our servers' filesystems regularly for intrusion, unexpected changes etc. One of the tools we are using for this is rkhunter.
Everything works fine until we come to the directory /dev/shm. We use symfony as a php framework and over time it can amass several thousand files, and when we needed to clear out this symfony cache to apply a change it could take hours. To get around this, we symlinked the cache directory to /dev/shm. Now clearing cache takes only a few seconds.

The problem is that rkhunter wants to look at each and every one of these files, which makes the scan take hours upon hours and always seems to generate a warning (even when whitelisted).

My question is if there is a way to tell rkhunter to flat out ignore these directories. Not necessarily ignore all of /dev/shm, but only the symfony related directories within. Is this at all possible, or is this just an idea contrary to using something like rkhunter?

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
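As an added example (not code from the original post or from the rkhunter project), this is the shape of whitelist a defender would try for the case asked about above: the entries name the symlink's resolved target under /dev/shm, stay scoped to the cache directories rather than all of /dev/shm, and the result is validated with rkhunter's configuration check. It assumes rkhunter 1.4+ reading /etc/rkhunter.conf.local and that ALLOWDEVFILE accepts the trailing-wildcard form used here; confirm the exact matching rules against the comments in your installed rkhunter.conf.

```shell
#!/bin/sh
# Added example, not code from the original post or from the rkhunter project.
# Builds rkhunter ALLOWDEVFILE whitelist entries for an application cache that
# lives under /dev/shm behind a symlink, then asks rkhunter to validate the
# configuration. Assumptions: rkhunter reads /etc/rkhunter.conf.local
# (rkhunter 1.4+) and ALLOWDEVFILE accepts the trailing-wildcard form used
# here; check both against the comments in your installed rkhunter.conf.

# Emit one ALLOWDEVFILE line per already-resolved cache path. The entry must
# name the real path under /dev/shm, because rkhunter walks /dev itself and
# never sees the application-side symlink. Anything outside /dev/shm, and
# /dev/shm itself, is refused so the whitelist stays as narrow as the problem.
allowdevfile_entries() {
    rc=0
    for target in "$@"; do
        case "$target" in
            /dev/shm/?*) printf 'ALLOWDEVFILE=%s/*\n' "${target%/}" ;;
            *) printf 'refusing %s: not a directory under /dev/shm\n' "$target" >&2
               rc=1 ;;
        esac
    done
    return "$rc"
}

# Resolve each symlink (e.g. /var/www/app/cache -> /dev/shm/app-cache) to its
# target before emitting the entry.
resolve_and_emit() {
    for link in "$@"; do
        target=$(readlink -f "$link") || return 1
        allowdevfile_entries "$target" || return 1
    done
}

# Append the entries to the local override file, then run rkhunter's
# configuration check only (-C); no filesystem scan is started here.
install_whitelist() {
    conf=$1; shift
    resolve_and_emit "$@" >> "$conf" || return 1
    if command -v rkhunter >/dev/null 2>&1; then
        rkhunter -C
    fi
}

# Demonstration on a constructed path (prints the entry that would be written):
allowdevfile_entries /dev/shm/app-cache

# Real run (hypothetical paths): install_whitelist /etc/rkhunter.conf.local /var/www/app/cache
```

A whitelist entry only suppresses the warning for matching files; whether the scan time itself improves has to be measured separately.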
