Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-15-2006, 03:09 PM
|
#1
|
Member
Registered: Apr 2006
Posts: 78
Rep:
|
/dev/.udev? Googled, nothing. Searched here, nothing.
Running "rkhunter" brought my attention to this file -
/dev/.udev
/..
/db
/failed
Contents of /db;
block@hda
block@hda@hda1
block@hda@hda10
etc...
Doesn't matter at this point what is in /failed..
Deleting the file /dev/.udev prevents certain programs from running, including "system-config-services"...
Is this a "fake" file setup used by an intruder bypassing /var/run/udev?
svarmido
|
|
|
10-15-2006, 04:19 PM
|
#2
|
Member
Registered: Dec 2005
Location: Edmonton
Distribution: BLFS, Gentoo
Posts: 353
Rep:
|
If you are trying to know more about /dev/.udev, guess you should probably look into the udev source code ! Cheers !!
|
|
|
10-15-2006, 07:02 PM
|
#3
|
Moderator
Registered: May 2001
Posts: 29,415
|
Is this a "fake" file setup used by an intruder bypassing /var/run/udev?
Most likely not, "man udev" for info and if you "grep udev rkhunter.conf" you'll see it's a common dir that can be excluded from scan.
|
|
|
10-16-2006, 03:08 PM
|
#4
|
Member
Registered: Apr 2006
Posts: 78
Original Poster
Rep:
|
Most likely not? A pretty equivocal response. There is no reference to /dev/.udev anywhere in the man file, only /dev and /etc/udev/. Looking into the source code is not something I have the skill or knowledge to do.
Is /dev/.udev present in others Fedora Core 5 installs?
svarmido
|
|
|
10-16-2006, 04:30 PM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
Udev-102.tar.gz, RELEASE-NOTES, line 315:
The option "udev_db" does no longer exist. All udev state will be in /$udev_root/.udev/ now, there is no longer an option to set this to anything else. If the init script or something else used this value, just depend on this hardcoded path. But remember _all_content_ of this directory is still private to udev and can change at any time.
So this is the dir where Udev tools keep state.
|
|
|
10-16-2006, 05:00 PM
|
#6
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
Quote:
Originally Posted by svarmido
Most likely not? A pretty equivocal response. There is no reference to /dev/.udev anywhere in the man file, only /dev and /etc/udev/. Looking into the source code is not something I have the skill or knowledge to do.
Is /dev/.udev present in others Fedora Core 5 installs?
svarmido
|
In older versions of udev, you could set the location of the udev database inside udev.conf (you could set the variable udev_db just like udev_root or udev_rules). If you read the RELEASE-NOTES (specifically lines 315-316), it says there is no longer an option to alter this variable (it will always be set to “/$udev_root/.udev/”) (ever since version 076).
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 02:02 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|