Question

CentOS 7 / RKHunter / Can't whitelist Google API (Python) cache file in /tmp

Posted August 21, 2016 2.5k views
CentOS Security Python Caching Configuration Management

I have cron frequently running a script that uses the Google API to access drive, etc.

It keeps a cache file:

/tmp/google-api-python-client-discovery-doc.cache

And no matter how I try to white list it in ** /etc/rkhunter.conf**, RKHunter gives this back:

Warning: File '/tmp/google-api-python-client-discovery-doc.cache' (score: 212) contains some suspicious content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]

Any ideas on how to whitelist that file from throwing a warning when RKHunter runs?

I’ve tried whitelisting it under:

USER_FILEPROP_FILES_DIRS=
EXCLUDE_USER_FILEPROP_FILES_DIRS=
EXISTWHITELIST=
SCRIPTWHITELIST=
RTKT_FILE_WHITELIST=
Add a comment
raimes
By:
raimes
edited by asb
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
ryanpq December 27, 2016

After making your changes did you run sudo rkhunter --propupd to update rkhunter and have it use the new rules?

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help