Share

Question

I have cron frequently running a script that uses the Google API to access drive, etc.

It keeps a cache file:

/tmp/google-api-python-client-discovery-doc.cache

And no matter how I try to white list it in ** /etc/rkhunter.conf**, RKHunter gives this back:

Warning: File '/tmp/google-api-python-client-discovery-doc.cache' (score: 212) contains some suspicious content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]

Any ideas on how to whitelist that file from throwing a warning when RKHunter runs?

I've tried whitelisting it under:

USER_FILEPROP_FILES_DIRS=
EXCLUDE_USER_FILEPROP_FILES_DIRS=
EXISTWHITELIST=
SCRIPTWHITELIST=
RTKT_FILE_WHITELIST=

Answer 1

ryanpq MOD December 27, 2016

After making your changes did you run sudo rkhunter --propupd to update rkhunter and have it use the new rules?

Reply

raimes December 29, 2016

Hi @ryanpq,

Yes, after each attempted whitelisting I ran sudo rkhunter --propupd

This one still stumps me...

Answer 2

raimes December 29, 2016

Hi @ryanpq,

Yes, after each attempted whitelisting I ran sudo rkhunter --propupd

This one still stumps me...

CentOS 7 / RKHunter / Can't whitelist Google API (Python) cache file in /tmp

Leave a Comment

Share

Share your Question

CentOS 7 / RKHunter / Can't whitelist Google API (Python) cache file in /tmp

Leave a Comment

Related Questions

Almost there!