Announcement

Collapse
No announcement yet.

rkhunter: warnings

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    rkhunter: warnings

    Hi all.

    I have installed the the "rkhunter" rootkit detection program.

    Running it using the default settings, it produces the following warnings:

    Code:
    [20:49:41]  Checking for hidden files and directories    [ Warning ]
    [20:49:41] Warning: Hidden directory found: /etc/.java
    [20:49:41] Warning: Hidden directory found: /dev/.static
    [20:49:41] Warning: Hidden directory found: /dev/.udev
    [20:49:41] Warning: Hidden directory found: /dev/.initramfs
    [20:49:41] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)
    Is this normal for Kubuntu, or should I be concerned about these warnings coming up?

    BTW
    Only these issues came up from the rkhunter scan on my system.
    I have also updated its data definition files via its online update.

    Many thanks

    Andy

    #2
    Re: rkhunter: warnings

    Those hidden directories are normal (rkhunter likely reports them because hidden directories are rather uncommon outside /home directory...and I guess may sometimes indicate malicious software)

    The hidden file is likely created by this bug:
    https://bugs.launchpad.net/ubuntu/+s...ev/+bug/132546
    which is reported as fixed, is your system up to date?

    Comment


      #3
      Re: rkhunter: warnings

      Hi Kubicle

      Thanks once again for your timely and helpful reply.
      I wanted to check that those unusual listings were kosher!

      I have read the bug report that you mentioned.

      To answer your question:
      Yes. My Gutsy install is up-to-date.

      The installed version of udev is currently 113-0 .... whereas the fix is in 117-5.
      Therefore I can only assume that the fix is available for Heron and not yet backported to Gutsy (looks like it came from Debian).
      I was trying to hang on until Ibex. However it looks that an early bird might have to swoop over my system...

      Cheers

      Andy

      Comment

      Users Viewing This Topic

      Collapse

      There are 0 users viewing this topic.

      Working...