raimes
By:
raimes

CentOS 7 / RKHunter / Can't whitelist Google API (Python) cache file in /tmp

August 21, 2016 478 views
Caching Configuration Management Python Security CentOS

I have cron frequently running a script that uses the Google API to access drive, etc.

It keeps a cache file:

/tmp/google-api-python-client-discovery-doc.cache

And no matter how I try to white list it in ** /etc/rkhunter.conf**, RKHunter gives this back:

Warning: File '/tmp/google-api-python-client-discovery-doc.cache' (score: 212) contains some suspicious content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]

Any ideas on how to whitelist that file from throwing a warning when RKHunter runs?

I've tried whitelisting it under:

USER_FILEPROP_FILES_DIRS=
EXCLUDE_USER_FILEPROP_FILES_DIRS=
EXISTWHITELIST=
SCRIPTWHITELIST=
RTKT_FILE_WHITELIST=
1 Answer

After making your changes did you run sudo rkhunter --propupd to update rkhunter and have it use the new rules?

Have another answer? Share your knowledge.