In its default configuration on recent versions of Debian, PostgreSQL creates shared memory segment files in /dev/shm/. Common rootkit detection software such as chkrootkit or rkhunter flags these as potential indicators of infection. The file names are randomly generated, which makes filtering them out a little tricky. Here’s how to avoid the system flagging them up as false positives.
chkrootkit
Open the file /etc/chkrootkit/chkrootkit.ignore and add the following line:
/dev/shm/PostgreSQL\.[0-9]+
rkhunter
Open the file /etc/rkhunter.conf.local and add the following line:
ALLOWDEVFILE=/dev/shm/PostgreSQL.*
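The two rules above do not cover the same set of names, so it is worth checking what each one actually suppresses. The script below is an added example, not part of the original post: it assumes the chkrootkit.ignore line is applied as an extended regular expression (grep -E) and that ALLOWDEVFILE is matched as a shell glob; the function names and sample file names are constructed for illustration.

```shell
#!/bin/sh
# Patterns copied from the two configuration lines above.
CHK_REGEX='/dev/shm/PostgreSQL\.[0-9]+'
RKH_GLOB='/dev/shm/PostgreSQL.*'

# Assumption: chkrootkit.ignore entries behave like unanchored grep -E patterns.
chk_covers() {
    printf '%s\n' "$1" | grep -Eq -- "$CHK_REGEX"
}

# Assumption: rkhunter's ALLOWDEVFILE value is matched as a shell glob.
rkh_covers() {
    case "$1" in
        $RKH_GLOB) return 0 ;;
        *) return 1 ;;
    esac
}

# Strict reference check: the whole path must be the prefix plus digits only.
strict_pg_segment() {
    printf '%s\n' "$1" | grep -Eq '^/dev/shm/PostgreSQL\.[0-9]+$'
}

# Print one line per path showing which rule would suppress it.
classify() {
    c=no; r=no; s=no
    chk_covers "$1" && c=yes
    rkh_covers "$1" && r=yes
    strict_pg_segment "$1" && s=yes
    printf '%s chkrootkit=%s rkhunter=%s strict=%s\n' "$1" "$c" "$r" "$s"
}

# With no arguments, classify constructed sample names (not real files).
if [ "$#" -eq 0 ]; then
    set -- /dev/shm/PostgreSQL.1804289383 /dev/shm/PostgreSQL.1804289383.tmp \
           /dev/shm/PostgreSQL.notes /dev/shm/sem.example
fi
for p in "$@"; do
    classify "$p"
done
```

Pass real paths as arguments (for example `/dev/shm/*`) to classify what is currently on the system. Any entry that a rule covers but that shows `strict=no` is being suppressed without matching the PostgreSQL naming scheme and deserves a manual look.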