Dear All,

Recently I just saw the link to the new rkhunter 1.1.7; downloaded, and tried it. That's incredibly easy to handle, but got a few strange lines in my log (SUSE 9.1) I can't wholly understand:

* Filesystem checks
  Checking /dev for suspicious files... [ OK ]
  Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev.tdb
---------------
Please inspect: /etc/.java (directory)

The binary file /dev/.udev.tdb I have already from installation-time; and the hidden /etc/.java folder has only this stuff inside:
khazad-dum:~ # ls -lR /etc/.java
/etc/.java:
total 6
drwxr-xr-x 3 root root 80 2004-08-03 21:26 .
drwxr-xr-x 60 root root 6168 2004-09-04 21:53 ..
drwxr-xr-x 2 root root 120 2004-08-03 21:26 .systemPrefs

/etc/.java/.systemPrefs:
total 0
drwxr-xr-x 2 root root 120 2004-08-03 21:26 .
drwxr-xr-x 3 root root 80 2004-08-03 21:26 ..
-rw-r--r-- 1 root root 0 2004-04-06 03:06 .system.lock
-rw-r--r-- 1 root root 0 2004-04-06 03:06 .systemRootModFile
khazad-dum:~ #

Is it OK to be worried now; or not really, 'cause that's normal/common?!

Thanks,
Peli
On Saturday 04 September 2004 4:52 pm, Peli wrote:
/dev/.udev.tdb
That's a normal required file, see here for more information...
http://arstechnica.com/etc/linux/2004/linux.ars-20040413-1.html

Scott
--
POPFile, the OpenSource EMail Classifier
http://popfile.sourceforge.net/
Linux 2.6.5-7.108-default x86_64
* Peli
Recently I just saw the link to the new rkhunter 1.1.7; downloaded, and tried it. That's incredibly easy to handle, but got a few strange lines in my log (SUSE 9.1) I can't wholly understand:

* Filesystem checks
  Checking /dev for suspicious files... [ OK ]
  Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev.tdb
---------------
Please inspect: /etc/.java (directory)
Not to worry. I have the same files (SuSE 9.0). rkhunter is written to be used in many Linux systems and the author maintains that you should be suspicious of hidden files (. files) under /etc. If you wish, I can forward to you the communication I had with him over this same matter several versions prior.

--
Patrick Shanahan
Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711
Photo Album: http://wahoo.no-ip.org/photos
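
The triage done by hand in this thread, as an added shell example (not part of the original messages and not rkhunter's code): it lists hidden entries directly under /dev and /etc, marks the two paths the replies call normal as known, and counts non-empty files inside each entry, which is what the ls -lR listing above was used to check. The names ALLOWLIST, is_known, triage_hidden and demo, and the .cache.d entry in the demo tree, are made up for illustration.

```shell
# Paths the replies in this thread identify as normal on SUSE 9.x.
ALLOWLIST="/dev/.udev.tdb /etc/.java"

# is_known PATH: exact match only, so a name that merely contains an
# allowlisted path is not accepted.
is_known() {
    for ok in $ALLOWLIST; do
        if [ "$1" = "$ok" ]; then return 0; fi
    done
    return 1
}

# triage_hidden PREFIX DIR...
# PREFIX is prepended on disk only (empty for the live system, a mount
# point or test tree otherwise). Prints: verdict kind nonempty=N path
triage_hidden() {
    prefix=$1; shift
    for dir in "$@"; do
        for p in "$prefix$dir"/.[!.]* "$prefix$dir"/..?*; do
            # Skip glob patterns that matched nothing.
            [ -e "$p" ] || [ -L "$p" ] || continue
            logical="$dir/${p##*/}"
            if [ -L "$p" ]; then kind=symlink
            elif [ -d "$p" ]; then kind=dir
            elif [ -f "$p" ]; then kind=file
            else kind=other; fi
            # Count regular files that actually hold data (symlinks not followed).
            if [ -L "$p" ]; then nonempty=0
            else nonempty=$(( $(find "$p" -type f -size +0 2>/dev/null | wc -l) )); fi
            if is_known "$logical"; then verdict=known; else verdict=review; fi
            printf '%s %s nonempty=%s %s\n' "$verdict" "$kind" "$nonempty" "$logical"
        done
    done
}

# Constructed demo tree mirroring the listing in the thread, plus one
# made-up entry (.cache.d) that is not on the allowlist.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/.java/.systemPrefs" "$t/etc/.cache.d" "$t/dev"
    : > "$t/etc/.java/.systemPrefs/.system.lock"
    : > "$t/etc/.java/.systemPrefs/.systemRootModFile"
    printf 'x' > "$t/etc/.cache.d/payload"   # constructed non-empty file
    printf 'tdb' > "$t/dev/.udev.tdb"        # constructed stand-in content
    triage_hidden "$t" /dev /etc
    rm -rf "$t"
}
demo
```

On a live system the call would be `triage_hidden "" /dev /etc`; a "review" verdict only means the path is not on the allowlist and should be inspected.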
participants (3)
- Patrick Shanahan
- Peli
- Scott Leighton