[SWLUG] root kit hunter HELP!
Gareth Bowker
tgb at tgb.org.uk
Tue Feb 14 13:23:46 UTC 2006
On Tue, Feb 14, 2006 at 01:04:38PM +0000, Dick Bain wrote:
> having installed and got working rkhunter, I get the following warning:
>
> * Filesystem checks
> Checking /dev for suspicious files... [ OK ]
> Scanning for hidden files... [ Warning! ]
> ---------------
> /dev/.static
> /dev/.udevdb
> /dev/.initramfs-tools /etc/.pwd.lock
> ---------------
> Please inspect: /dev/.static (directory) /dev/.udevdb (directory)
>
>
> I run ubuntu and, as a user, cannot look at the /dev/.static directory and
> the /dev/.udevdb is full of things like block at hda@hda4
>
> Should I worry?
Short answer: probably not. I think that's just an artifact of udev.
Basically, rkhunter doesn't seem to know about it, so it's flagging it
up as a warning (/dev/ never used to have dotfiles inside it).
If you're concerned, I guess a quick google for "rkhunter /dev/.static"
will bring up some results.
Cheers,
Gareth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/swlug/attachments/20060214/65d550d4/attachment.pgp>
More information about the Swlug
mailing list