[SWLUG] root kit hunter HELP!

Gareth Bowker tgb at tgb.org.uk
Tue Feb 14 13:23:46 UTC 2006


On Tue, Feb 14, 2006 at 01:04:38PM +0000, Dick Bain wrote:
> having installed and got working rkhunter, I get the following warning:
> 
> * Filesystem checks
>    Checking /dev for suspicious files...                      [ OK ]
>    Scanning for hidden files...                               [ Warning! ]
> ---------------
>  /dev/.static
> /dev/.udevdb
> /dev/.initramfs-tools /etc/.pwd.lock
> ---------------
> Please inspect:  /dev/.static (directory)  /dev/.udevdb (directory)
> 
> 
> I run Ubuntu and, as a user, cannot look at the /dev/.static directory and
> the /dev/.udevdb is full of things like block@hda@hda4
> 
> Should I worry?

Short answer: probably not. I think that's just an artifact of udev.
Basically, rkhunter doesn't seem to know about it, so it's flagging it
up as a warning (/dev/ never used to have dotfiles inside it).
If you're concerned, I guess a quick google for "rkhunter /dev/.static"
will bring up some results.

Cheers,

Gareth
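
One way to follow up on the reply above is to see what the hidden entries under /dev actually are before deciding whether the warning matters. The script below is an added example, not part of the original thread and not rkhunter's own code; the function names are hypothetical, and treating the three names in KNOWN_UDEV (copied from the warning) as expected udev state is an assumption to confirm on your own system.

```shell
#!/bin/sh
# Added example: triage hidden entries directly under a directory (default /dev).
# KNOWN_UDEV holds only the /dev names from the rkhunter warning in this thread;
# treating them as expected udev state is an assumption, not a guarantee.
KNOWN_UDEV=".static .udevdb .initramfs-tools"

# classify NAME -> prints "known-udev" or "review"
classify() {
    for k in $KNOWN_UDEV; do
        [ "$1" = "$k" ] && { echo "known-udev"; return 0; }
    done
    echo "review"
}

# entry_type PATH -> prints symlink, dir, file or other (device node, socket...)
entry_type() {
    if [ -L "$1" ]; then echo "symlink"
    elif [ -d "$1" ]; then echo "dir"
    elif [ -f "$1" ]; then echo "file"
    else echo "other"
    fi
}

# triage_hidden [DIR] -> one line per hidden entry: STATUS TYPE PATH
triage_hidden() {
    dir="${1:-/dev}"
    for p in "$dir"/.*; do
        name="${p##*/}"
        case "$name" in .|..) continue ;; esac
        # Skip the literal pattern left behind when the glob matches nothing.
        [ -e "$p" ] || [ -L "$p" ] || continue
        echo "$(classify "$name") $(entry_type "$p") $p"
    done
}

# Stand-alone use: sh triage.sh [DIR]
triage_hidden "${1:-/dev}"
```

Anything reported as `review` is a name the warning in this thread did not list. Run it as root if, as in the original question, a normal user cannot read /dev/.static.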