Warning: The following processes are using suspicious files: Command: systemd UID: 0 PID: 1 Pathname: /run/xpra/system Possible Rootkit: Unknown rootkit
ALLOWDEVFILE=/run/xpra/* to rkhunter configuration does not suppress this warning. It could be nice if xpra installation would take care of proper setting for rkhunter to suppress unnecessary warnings, or document such settings.
This is the system socket file, rkhunter needs fixing, not xpra.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2006