In its default configuration on recent versions of Debian, PostgreSQL creates shared memory segment files in /dev/shm/. Common rootkit detection software such as chkrootkit or rkhunter flags these as potential indicators of infection. The file names are randomly generated, which makes filtering them out a little tricky. Here’s how to avoid the system flagging them up as false positives.
chkrootkit
Open the file /etc/chkrootkit/chkrootkit.ignore and add the following line:
/dev/shm/PostgreSQL\.[0-9]+rkhunter
Open the file /etc/rkhunter.conf.local and add the following line:
ALLOWDEVFILE=/dev/shm/PostgreSQL.*