rkhunter - /dev/shm/netdata_sem_cgroup_ebpf

moucho · July 11, 2023, 8:35am

I’ve installed rkhunter on my VPS, and it shows an alert for ‘/dev/shm/netdata_sem_cgroup_ebpf’ stating that:

Time: Mon Jul 10 17:49:07 2023 +0200
File: /dev/shm/netdata_sem_cgroup_ebpf
Reason: Script, starts with #!
Owner: netdata:netdata (987:982)
Action: No action taken

I’ve opened the file and it doesn’t start with ‘#!’.

Searching in the netdata code, this file is mentioned in collectors/cgroups.plugin/sys_fs_cgroup.h:

grep -R netdata_sem_cgroup_ebpf
collectors/cgroups.plugin/sys_fs_cgroup.h:#define NETDATA_NAMED_SEMAPHORE_EBPF_CGROUP_NAME "/netdata_sem_cgroup_ebpf"

I’m guessing this alert is wrong, as netdata uses this for managing shared memory (semaphore). Could anyone confirm?

sashwathn · July 11, 2023, 9:07am

@Thiago_Marques_0 : Can you please take a look at this one?

Thiago_Marques_0 · July 11, 2023, 1:05pm

Hello @moucho ,

You are right, this is a shared memory we are using to share data between two different plugins.

Best regards!

Topic		Replies	Views
eBPF not working Help agent	11	1456	October 31, 2021
eBPF Plugin Crash 12/24/20 Help agent-health , agent	5	661	December 26, 2020
I want to monitor a specific cgroup Help agent , collectors	3	511	June 28, 2023
ebpf.plugin error Help agent	7	813	April 12, 2023
cgroups not showing mem related charts in Raspberry Pi Help	1	33	April 23, 2024

rkhunter - /dev/shm/netdata_sem_cgroup_ebpf

Related Topics