Recently we received the following report from rkhunter:
Warning: The following processes are using suspicious files:
         Command: apache2
         UID: 33    PID: 11286
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 11396
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 0    PID: 26846
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 27010
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 27689
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28005
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28019
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28110
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28111
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28715
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 28716
         Pathname:
         Possible Rootkit: Spam tool component
After some testing and googling, we found that this comes from the official phpmyadmin docker image. The container cannot run unless apache2 is running in the foreground, on the docker host.

The question is how to whitelist these false positives in rkhunter. The PIDs can change on every start, so whitelisting the PIDs is not a good solution. Apache2 cannot be whitelisted as a service either, because it is not running as a service on the host.
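The following is an added example, not part of the original question or of rkhunter itself. It parses the warning quoted above (a constructed copy of three of the posted records is embedded as `SAMPLE_REPORT`) and collapses the records by the fields that survive a restart, which is the information any PID-independent whitelist would have to be built on. The names `ProcWarning`, `parse_report`, `collapse` and `cgroup_of` are this example's own.

```python
"""Parse an rkhunter "processes are using suspicious files" warning and
collapse it by the PID-independent fields (added example, not from the post).

The record layout (Command / UID+PID / Pathname / Possible Rootkit) is taken
from the warning text itself.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in rkhunter's own layout: the first two www-data
# (UID 33) entries from the post plus the single root-owned (UID 0) one.
SAMPLE_REPORT = """\
Warning: The following processes are using suspicious files:
         Command: apache2
         UID: 33    PID: 11286
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 33    PID: 11396
         Pathname:
         Possible Rootkit: Spam tool component
         Command: apache2
         UID: 0    PID: 26846
         Pathname:
         Possible Rootkit: Spam tool component
"""


@dataclass(frozen=True)
class ProcWarning:
    command: str
    uid: int
    pid: int
    pathname: str  # "" when rkhunter printed an empty Pathname line
    rootkit: str


_CMD = re.compile(r"^\s*Command:\s*(.*?)\s*$")
_IDS = re.compile(r"^\s*UID:\s*(\d+)\s+PID:\s*(\d+)\s*$")
_PATH = re.compile(r"^\s*Pathname:\s*(.*?)\s*$")
_RKT = re.compile(r"^\s*Possible Rootkit:\s*(.*?)\s*$")


def parse_report(text: str) -> List[ProcWarning]:
    """Turn the four-line records of the warning into ProcWarning objects.

    Lines before the first "Command:" (the Warning header) are skipped.  A
    record with a missing or misordered line raises instead of being silently
    dropped, so a damaged report is never read as a clean one.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    records: List[ProcWarning] = []
    i = 0
    while i < len(lines):
        cmd = _CMD.match(lines[i])
        if cmd is None:
            i += 1
            continue
        if i + 3 >= len(lines):
            raise ValueError(f"truncated record starting at line {i + 1}")
        ids = _IDS.match(lines[i + 1])
        path = _PATH.match(lines[i + 2])
        rkt = _RKT.match(lines[i + 3])
        if ids is None or path is None or rkt is None:
            raise ValueError(f"malformed record starting at line {i + 1}")
        records.append(ProcWarning(
            command=cmd.group(1),
            uid=int(ids.group(1)),
            pid=int(ids.group(2)),
            pathname=path.group(1),
            rootkit=rkt.group(1),
        ))
        i += 4
    return records


def collapse(records: List[ProcWarning]) -> Counter:
    """Count records by (command, uid, rootkit, path_shown), dropping the PID.

    PIDs change on every restart, which is why a PID-based whitelist is
    useless here.  path_shown is False for the empty Pathname lines in the
    post: there is no path a file-based whitelist entry could match on.
    """
    return Counter(
        (r.command, r.uid, r.rootkit, r.pathname != "") for r in records
    )


def cgroup_of(pid: int) -> Optional[str]:
    """Return /proc/<pid>/cgroup for a live PID, or None if the PID is gone.

    On a Docker host a containerised process shows a cgroup path that names
    docker or containerd; checking this for each flagged PID confirms the
    apache2 processes really belong to the container before anything is
    whitelisted.  (The PIDs in the sample are not live, so this returns None.)
    """
    try:
        with open(f"/proc/{pid}/cgroup", encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for (command, uid, rootkit, path_shown), n in sorted(collapse(recs).items()):
        print(f"{n:2d} x {command} uid={uid} rootkit={rootkit!r} path_shown={path_shown}")
    for r in recs:
        cg = cgroup_of(r.pid)
        print(r.pid, "not running" if cg is None else cg.strip().splitlines()[0])
```

Run against the full report from the post, all eleven records collapse to two keys: apache2 as UID 33 and apache2 as UID 0, both with an empty Pathname and the same rootkit name, so the only stable identifiers are the command name, the UID and the container the PIDs live in. rkhunter.conf's DISABLE_TESTS can switch the whole test off (see `rkhunter --list tests` for the test name), but that silences it for every process on the host, not just the container's, so it is a last resort rather than a whitelist.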