Re: identifying files found by rkhunter

Author: Anthony Boynes
Date:  
To: Main PLUG discussion list
Subject: Re: identifying files found by rkhunter
These are known issues.

From /usr/share/doc/rkhunter/README.Debian:


Below is a list of common hidden files and directories known to set off
false alarms in rkhunter:

* /dev/.static/, /dev/.udev & /dev/.udevdb/ - used by udev

IIRC, there are already bug reports filed about initramfs false positives.


Anthony


On 8/4/06, <> wrote:
> I run the program rkhunter daily to search for rootkits. Recently, it
> found some hidden directories in /dev, and reported them as suspicious.
>
> /dev/.static
> /dev/.udev
> /dev/.initramfs
> /dev/.initramfs-tools
>
> This is on a Debian machine.
> # uname -a
> Linux kiltlifter 2.6.16-2-686 #1 Sat Jul 15 21:59:21 UTC 2006 i686 GNU/Linux
> # more /etc/debian_version
> testing/unstable
>
> I have searched the rkhunter mailing list for a mention of these files.
> Nothing. I've searched Google. Nothing yet. I've tried to see if they
> belong to a package (using dpkg -S). Nothing. I've wandered around in
> the directories and tried to identify the contents, but I haven't had any
> breakthroughs.
>
> Can anyone help me identify these directories and verify that they should
> actually be on my system?
>
> I wish I could say what changed on the day that I first saw this warning.
> This is a personal server, and though I keep its packages up to date, I
> don't have tons of time to invest in its maintenance. I've had this
> warning from rkhunter for a while, but haven't had time to investigate.
> (Very sorry, I'm sure that information would be helpful...)
>
> thanks,
> alex
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
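
One way to re-check the warning discussed in this thread, as an added example that is not part of the original messages or of rkhunter itself: it sorts the hidden entries under /dev into those named in the quoted README.Debian lines and those that still need a manual look. The function names are hypothetical, and the known list contains only the three names quoted above.

```shell
#!/bin/sh
# Added example: triage hidden entries directly under a directory (default /dev).
# KNOWN_HIDDEN holds only the names the quoted README.Debian attributes to udev;
# anything else is marked "review" instead of being assumed benign.
KNOWN_HIDDEN=".static .udev .udevdb"

# Print "known <path>" or "review <path>" for each hidden entry under $1.
triage_hidden() {
    dir=${1:-/dev}
    # The two globs cover ".x..." and "..x..." names while skipping "." and "..".
    for path in "$dir"/.[!.]* "$dir"/..?*; do
        # An unmatched glob stays literal; skip it (dangling symlinks are kept).
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        verdict=review
        for k in $KNOWN_HIDDEN; do
            # Exact name comparison, so ".udev-evil" is not treated as ".udev".
            if [ "$name" = "$k" ]; then
                verdict=known
            fi
        done
        printf '%s %s\n' "$verdict" "$path"
    done
}

# Number of hidden entries that are not on the known list.
count_review() {
    triage_hidden "$1" | grep -c '^review ' || true
}

# For an entry marked "review", collect the facts the original poster looked
# for: type, owner, mode, modification time, and whether a package claims it.
describe_entry() {
    ls -ld -- "$1"
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" 2>/dev/null || echo "no package claims $1"
    fi
}

# Typical use on a live system:
#   triage_hidden /dev
#   describe_entry /dev/.initramfs
```

On the system described in the thread, `/dev/.initramfs` and `/dev/.initramfs-tools` would come back as `review`, since the quoted README lines do not list them. Entries confirmed as benign can then be whitelisted with `ALLOWHIDDENDIR` in rkhunter.conf.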
