I’ve installed rkhunter on my VPS, and it shows an alert for ‘/dev/shm/netdata_sem_cgroup_ebpf’ stating that:
Time: Mon Jul 10 17:49:07 2023 +0200
File: /dev/shm/netdata_sem_cgroup_ebpf
Reason: Script, starts with #!
Owner: netdata:netdata (987:982)
Action: No action taken
I’ve opened the file and it doesn’t start with ‘#!’.
Searching in the netdata code, this file is mentioned in collectors/cgroups.plugin/sys_fs_cgroup.h
:
grep -R netdata_sem_cgroup_ebpf
collectors/cgroups.plugin/sys_fs_cgroup.h:#define NETDATA_NAMED_SEMAPHORE_EBPF_CGROUP_NAME "/netdata_sem_cgroup_ebpf"
I’m guessing this alert is wrong, as netdata uses this for managing shared memory (semaphore). Could anyone confirm?