LinuxQuestions.org
Old 10-20-2007, 01:16 PM   #1
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,452

Rep: Reputation: 85
rootkit hunter


Code:
Warning: The file '/usr/sbin/inetd' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs

One or more warnings have been found while checking the system.
I get that email each day when cron runs rkhunter. What do these warnings mean? Why do those hidden directories exist? If these warnings are nothing to worry about, how can I get rkhunter to stop complaining about them, because it is emailing me every day? The first warning occurs because I removed xinetd from my system recently. How can I get rkhunter to quit emailing me about it?

Last edited by fakie_flip; 10-20-2007 at 01:29 PM.
 
Old 10-20-2007, 02:41 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
The purpose of rootkits is to conceal themselves. So rkhunter is pointing out things that might be considered suspicious (in this case hidden directories in /dev), and it is up to you to determine whether they should be there or not.

As far as emailing you ... The way I handled a similar situation using chkrootkit was I wrote a script which redirected stdout/stderr to a file each day, retaining the previous day's file. It notifies me only if the contents of that file change. Because chkrootkit errs on the side of caution, I still get notification of "suspicious" things that turn out to be normal.

BTW, you will probably get more security expertise if you post questions like this on the security forum. Use the report button if you would like a moderator to move this thread.
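
The notify-on-change approach described in post #2, sketched as an added example (not blackhole54's script and not code from the rkhunter or chkrootkit projects). The function name, the `SCAN_STATE_DIR` variable, the state directory and the script path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: notify only when a scanner's output changes between runs.

# scan_and_diff STATE_DIR COMMAND [ARGS...]
#   returns 0 and prints nothing when output matches the previous run;
#   returns 1 and prints the baseline (first run) or a unified diff otherwise;
#   returns 2 if the state directory cannot be prepared.
scan_and_diff() {
    state_dir=$1
    shift
    cur="$state_dir/scan.current"
    prev="$state_dir/scan.previous"

    # Keep saved reports private to the invoking user (root under cron).
    mkdir -p "$state_dir" && chmod 700 "$state_dir" || return 2

    # Rotate: the last run's report becomes the comparison baseline.
    if [ -f "$cur" ]; then
        mv -f "$cur" "$prev" || return 2
    fi

    # Capture stdout and stderr. Scanners often exit non-zero when they
    # warn, so the exit status is deliberately not treated as a failure.
    "$@" >"$cur" 2>&1 || true

    if [ ! -f "$prev" ]; then
        echo "First run; baseline recorded:"
        cat "$cur"
        return 1
    fi
    if cmp -s "$prev" "$cur"; then
        return 0
    fi
    echo "Scanner output changed since the previous run:"
    diff -u "$prev" "$cur" || true
    return 1
}

# cron mails whatever a job prints, so printing only on change means
# mail only on change. Hypothetical crontab line (path is an assumption):
#   0 4 * * * /usr/local/sbin/scan-on-change.sh rkhunter --cronjob --report-warnings-only
if [ "$#" -gt 0 ]; then
    scan_and_diff "${SCAN_STATE_DIR:-/var/lib/scan-on-change}" "$@"
fi
```

Output that embeds timestamps differs on every run, so such lines need to be filtered out before the comparison.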
 
  

