I run the program rkhunter daily to search for rootkits. Recently, it
found some hidden directories in /dev, and reported them as suspicious.
/dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
This is on a Debian machine.
# uname -a
Linux kiltlifter 2.6.16-2-686 #1 Sat Jul 15 21:59:21 UTC 2006 i686 GNU/Linux
# more /etc/debian_version
testing/unstable
I have searched the rkhunter mailing list for a mention of these files.
Nothing. I've searched Google. Nothing yet. I've tried to see if they
belong to a package (using dpkg -S). Nothing. I've wandered around in
the directories and tried to identify the contents, but I haven't had any
breakthroughs.
Can anyone help me identify these directories and verify that they should
actually be on my system?
I wish I could say what changed on the day that I first saw this warning.
This is a personal server, and though I keep its packages up to date, I
don't have tons of time to invest in its maintainence. I've had this
warning from rkhunter for a while, but haven't had time to investigate.
(Very sorry, I'm sure that information would be helpful...)
thanks,
alex
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)