LinuxQuestions.org - Linux - Software
rootkit hunter (https://www.linuxquestions.org/questions/linux-software-2/rootkit-hunter-593294/)

fakie_flip 10-20-2007 01:16 PM

rootkit hunter
 
Code:

Warning: The file '/usr/sbin/inetd' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs

One or more warnings have been found while checking the system.

I get that email each day when cron runs rkhunter. What do these warnings mean? Why do those hidden directories exist? If these warnings are nothing to worry about, how can I get rkhunter to stop complaining about them, because it is emailing me every day? The first warning occurs because I removed xinetd from my system recently. How can I get rkhunter to quit emailing me about it?

blackhole54 10-20-2007 02:41 PM

The purpose of rootkits is to conceal themselves. So rkhunter is pointing out things that might be considered suspicious (in this case hidden directories in /dev), and it is up to you to determine whether they should be there or not.

As far as emailing you ... The way I handled a similar situation using chkrootkit was that I wrote a script which redirects stdout/stderr to a file each day, retaining the previous day's file. It notifies me only if the contents of that file change. Because chkrootkit errs on the side of caution, I still get notification of "suspicious" things that turn out to be normal.

BTW, you will probably get more security expertise if you post questions like this on the security forum. Use the report button if you would like a moderator to move this thread.
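The "notify only when the report changes" approach blackhole54 describes, written out as an added POSIX sh example (this is not blackhole54's script and not part of rkhunter). The report directory, the scanner invocation and the mail recipient are assumptions you would adjust for your own system; the demo at the end uses a constructed fake scanner with canned warning lines, not real scan output.

```shell
#!/bin/sh
# Added example, not blackhole54's own script: capture a daily rootkit-scanner
# report, keep yesterday's copy, and notify only when the report changes.
# Assumptions (not from the thread): the report directory, the scanner
# invocation and the mail recipient below are placeholders for your system.

REPORT_DIR="${REPORT_DIR:-/var/log/rkhunter-daily}"            # assumed path
SCANNER="${SCANNER:-rkhunter --cronjob --report-warnings-only}" # assumed invocation
MAIL_TO="${MAIL_TO:-root}"

# rotate_report DIR: today's report becomes yesterday's before a new scan.
rotate_report() {
    mkdir -p "$1"
    if [ -f "$1/current.txt" ]; then
        mv "$1/current.txt" "$1/previous.txt"
    fi
}

# run_scan DIR: run the scanner with stdout and stderr merged into current.txt.
# rkhunter exits non-zero when it finds warnings, so the exit code is ignored.
run_scan() {
    rotate_report "$1"
    # shellcheck disable=SC2086  # word splitting of $SCANNER is intentional
    $SCANNER > "$1/current.txt" 2>&1 || true
}

# report_status DIR: prints "first-run" when there is no previous report,
# "unchanged" when both reports are byte-identical, "changed" otherwise.
report_status() {
    if [ ! -f "$1/previous.txt" ]; then
        echo first-run
    elif cmp -s "$1/previous.txt" "$1/current.txt"; then
        echo unchanged
    else
        echo changed
    fi
}

# notify_if_changed DIR: mail the unified diff only when something changed.
# A first run mails the whole report so a new host's baseline is seen once.
notify_if_changed() {
    case "$(report_status "$1")" in
        unchanged) return 1 ;;
        first-run) mail -s "rkhunter baseline on $(hostname)" "$MAIL_TO" < "$1/current.txt" ;;
        changed)   diff -u "$1/previous.txt" "$1/current.txt" \
                       | mail -s "rkhunter report changed on $(hostname)" "$MAIL_TO" ;;
    esac
    return 0
}

# demo_cycle: exercise the logic offline with a constructed fake scanner whose
# output is a canned warning list (sample text, not real scan results).
# Prints the three statuses seen across three consecutive "days".
demo_cycle() {
    dir=$(mktemp -d)
    fake_scanner() { printf 'Warning: Hidden directory found: /dev/.udev\n'; }
    SCANNER=fake_scanner
    run_scan "$dir"; s1=$(report_status "$dir")     # day 1: no previous report
    run_scan "$dir"; s2=$(report_status "$dir")     # day 2: same warnings
    fake_scanner() {
        printf 'Warning: Hidden directory found: /dev/.udev\n'
        printf 'Warning: Hidden directory found: /tmp/.constructed-example\n'
    }
    run_scan "$dir"; s3=$(report_status "$dir")     # day 3: a new warning
    rm -rf "$dir"
    echo "$s1 $s2 $s3"
}

# Cron entry point: `sh rkcheck.sh run`. Exits 0 whether or not mail was sent.
if [ "${1:-}" = run ]; then
    run_scan "$REPORT_DIR"
    notify_if_changed "$REPORT_DIR" || true
fi
```

Run it from cron with the `run` argument instead of calling rkhunter directly, and keep `previous.txt` and `current.txt` somewhere only root can write, since an attacker who can edit yesterday's report can hide tomorrow's change. The diff-based mail suppresses repeats of known-good findings without hiding anything new, which is the property the thread is after; rkhunter also has its own whitelist mechanism (ALLOWHIDDENDIR entries in rkhunter.conf for hidden directories you have checked, and `rkhunter --propupd` to refresh rkhunter.dat after a deliberate package removal such as the xinetd case above), and that should only be applied after you have confirmed the finding is your own change, because it rebaselines on whatever is currently installed.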
