On Sun, 06 Jul 2008 21:02:05 +0200 Terry <fastsnip- [EMAIL PROTECTED]> wrote: >Warning: Hidden directory found: /dev/.static >Warning: Hidden directory found: /dev/.udev >Warning: Hidden directory found: /dev/.initramfs
>I really do not know if this warning is significant or not. I have read >the FAQs and one section there seemed to indicate that warnings of this >sort are serious. There's really two answers: - The short one is that if you look in your rkhunter.conf at "#ALLOWHIDDENDIR" you'll see a few hints for common false positives. Uncommenting the matching entries will enable whitelisting, meaning you won't get alerted for those again. - The long, correct, qualitatively "better" answer is that you should first use the package management tools your distribution provides to validate those directory names. Verification using package management tools, file integrity checkers (Aide, Samhain, Osiris or even tripwire), or manual identification (like with Udev, dynamically created ones) are the only realistic and "safe" way to verify and *make certain* those entries are supposed to be there. If you have verified those dirs (and any contents?) are OK, *then* whitelist them. Regards, unSpawn --- -- Enter for Your Chance to WIN* The TotalBeauty.com Summer Spa Sweepstakes! http://tagline.hushmail.com/fc/JKFkuIjyZ57pdwGt6vJVbSSOFhc1houAgYBKK54ceA9OxdOe9Gej7q/ ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
