rkhunter: warnings

    Hi all.

    I have installed the "rkhunter" rootkit detection program.

    Running it using the default settings, it produces the following warnings:

    Code:
    [20:49:41]  Checking for hidden files and directories    [ Warning ]
    [20:49:41] Warning: Hidden directory found: /etc/.java
    [20:49:41] Warning: Hidden directory found: /dev/.static
    [20:49:41] Warning: Hidden directory found: /dev/.udev
    [20:49:41] Warning: Hidden directory found: /dev/.initramfs
    [20:49:41] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)

    Is this normal for Kubuntu, or should I be concerned about these warnings coming up?

    BTW
    Only these issues came up from the rkhunter scan on my system.
    I have also updated its data definition files via its online update.

    Many thanks

    Andy

    #2
    Re: rkhunter: warnings

    Those hidden directories are normal (rkhunter likely reports them because hidden directories are rather uncommon outside the /home directory... and I guess may sometimes indicate malicious software).

    The hidden file is likely created by this bug:
    https://bugs.launchpad.net/ubuntu/+s...ev/+bug/132546
    which is reported as fixed. Is your system up to date?

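One way to triage the warnings discussed in this thread, as an added example that is not part of the original posts or of rkhunter itself: the script parses the "Hidden ... found" log lines and emits rkhunter.conf `ALLOWHIDDENDIR` entries only for the directories the reply above calls normal, leaving everything else marked for review. The function names and the `/usr/share/.example` log line are constructed for illustration.

```shell
# Added example: triage rkhunter hidden-file warnings (not rkhunter's own code).
# Directories the reply describes as normal; adjust after your own review.
KNOWN_DIRS="/etc/.java /dev/.static /dev/.udev /dev/.initramfs"

# Sample input: the log lines from the post plus one constructed entry
# (/usr/share/.example) to show the review path.
sample_log() {
    cat <<'EOF'
[20:49:41]  Checking for hidden files and directories    [ Warning ]
[20:49:41] Warning: Hidden directory found: /etc/.java
[20:49:41] Warning: Hidden directory found: /dev/.static
[20:49:41] Warning: Hidden directory found: /dev/.udev
[20:49:41] Warning: Hidden directory found: /dev/.initramfs
[20:49:41] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)
[20:49:42] Warning: Hidden directory found: /usr/share/.example
EOF
}

# Print "dir PATH" or "file PATH" for each hidden-entry warning on stdin,
# dropping any trailing ": <file type>" note such as ": block special (2/0)".
parse_hidden() {
    awk '
        /Warning: Hidden directory found: / {
            sub(/^.*Hidden directory found: /, ""); sub(/: .*$/, "")
            print "dir " $0; next
        }
        /Warning: Hidden file found: / {
            sub(/^.*Hidden file found: /, ""); sub(/: .*$/, "")
            print "file " $0
        }'
}

# Succeeds only when the path is on the reviewed list above.
is_known_dir() { case " $KNOWN_DIRS " in *" $1 "*) return 0 ;; esac; return 1; }

# Emit an rkhunter.conf whitelist line for each reviewed directory and a
# comment for anything else, so unreviewed entries keep raising warnings.
triage() {
    parse_hidden | while read -r kind path; do
        if [ "$kind" = dir ] && is_known_dir "$path"; then
            echo "ALLOWHIDDENDIR=$path"
        else
            echo "# REVIEW $kind: $path"
        fi
    done
}

sample_log | triage
```

To use it on a real scan, replace the last line with `triage < /var/log/rkhunter.log` (assuming the default log location) and copy only the `ALLOWHIDDENDIR` lines you have checked into rkhunter.conf.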


      #3
      Re: rkhunter: warnings

      Hi Kubicle

      Thanks once again for your timely and helpful reply.
      I wanted to check that those unusual listings were kosher!

      I have read the bug report that you mentioned.

      To answer your question:
      Yes. My Gutsy install is up-to-date.

      The installed version of udev is currently 113-0 ... whereas the fix is in 117-5.
      Therefore I can only assume that the fix is available for Heron and not yet backported to Gutsy (looks like it came from Debian).
      I was trying to hang on until Ibex. However, it looks like an early bird might have to swoop over my system...

      Cheers

      Andy
