I am running a webserver and am saving PHP sessions to /dev/shm -- rkhunter is flagging the session files:
Warning: Suspicious file types found in /dev:
/dev/shm/sess_eir6fi80ld0bs3ejsjvgkjiuc4: ASCII text, with no line terminators /dev/shm/sess_73v97tg98bd9jckbiovruclhb5: ASCII text, with no line terminators /dev/shm/sess_f1aglts90oqksrc82eg4lc5i27: ASCII text, with no line terminators /dev/shm/sess_a5hot1l1eehonnqa5i025mtu10: ASCII text, with no line terminators
I have tried the following ALLOWDEVFILE directives in /etc/rkhunter.conf, but none of them seem to work:
ALLOWDEVFILE=/dev/shm/sess_*
ALLOWDEVFILE="/dev/shm/sess_*"
rkhunter still flags all sess_* files. Anyone know a solution?