Just to add a little to what Hans said, I did a little research on this on my system, and determined the following: .udev is used by the hotplug/automount system to maintain a dynamic database of connections and failed connections .static is used by udev to maintain a list of non-removable (static) devices .initramfs is used by udev to manage the udev filesystem(which is derived from the ramfs filesystem) der.hans wrote: > Am 04. Aug, 2006 schwätzte alex@crackpot.org so: > >> I run the program rkhunter daily to search for rootkits. Recently, it >> found some hidden directories in /dev, and reported them as suspicious. >> >> /dev/.static > > Probably be udev. Note that it's a directory. > > dpkg -L udev | grep static > > Nothing for that, so it's probably created by some udev function. > >> /dev/.udev > > Definitely udev. > >> /dev/.initramfs >> /dev/.initramfs-tools > > Probably udev. > > Check the udev package for what files it needs. > > rkhunter probably needs to know about these files and not report them. > Hopefully it'll still check them to make sure they're the files they're > supposed to be. > > ciao, > > der.hans > >> >> This is on a Debian machine. >> # uname -a >> Linux kiltlifter 2.6.16-2-686 #1 Sat Jul 15 21:59:21 UTC 2006 i686 >> GNU/Linux >> # more /etc/debian_version >> testing/unstable >> >> I have searched the rkhunter mailing list for a mention of these files. >> Nothing. I've searched Google. Nothing yet. I've tried to see if they >> belong to a package (using dpkg -S). Nothing. I've wandered around in >> the directories and tried to identify the contents, but I haven't had any >> breakthroughs. >> >> Can anyone help me identify these directories and verify that they should >> actually be on my system? >> >> I wish I could say what changed on the day that I first saw this warning. >> This is a personal server, and though I keep its packages up to date, I >> don't have tons of time to invest in its maintainence. I've had this >> warning from rkhunter for a while, but haven't had time to investigate. >> (Very sorry, I'm sure that information would be helpful...) >> >> thanks, >> alex >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >> To subscribe, unsubscribe, or to change you mail settings: >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >> > > > ------------------------------------------------------------------------ > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss