Warnings after using rootkit hunter. What to do?

Asked by martin

I have been running rootkithunter (rkhunter) and 2 warnings resulted.
1. Suspicious file types in /dev
2. Hidden files and directories
How can I find out more details about these suspicious files and hidden files/directories?

Question information

Language: English
Status: Solved
For: Ubuntu rkhunter
Assignee: No assignee
Solved by: martin
marcobra (Marco Braida) (marcobra) said :
#1

"Some files generate false alarms because it is very hard for rkhunter developers to keep track of all the files or hidden files on all Linux distributions. The most common files that generate these alarms are:...."

read here:

http://www.randombugs.com/hacker/scan-rootkits-ubuntu-debian.html

Also read the already answered questions here: https://answers.launchpad.net/ubuntu/+source/rkhunter

martin (mmdowing) said :
#2

Thanks, this partially helps.
How do I get more information about the file or directory concerned?
For now it is flagged as a suspicious /dev file.
I understand that a /dev file is a temporary file, but how do I find out the exact file name?
How do I find the hidden file or directory that is the subject of the other warning, so I can see what it is?

marcobra (Marco Braida) (marcobra) said :
#3
martin (mmdowing) said :
#4

Thanks, I have found that there is a switch --display-log, and if it is used, everything I wanted to know is revealed.
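
Added example (not part of the original thread and not rkhunter's own code): a shell filter that lists each warning recorded in an rkhunter log together with the file names written under it, so the two warnings from the question can be traced to concrete paths. The function names `rkh_warnings` and `sample_log` are hypothetical, the log lines in `sample_log` are constructed, and the timestamp-prefixed line layout is an assumption about the log format.

```shell
#!/bin/sh
# Added example: list rkhunter warnings with the file names logged under them.

# rkh_warnings LOGFILE   ("-" reads standard input)
# Assumed layout: every line starts with "[hh:mm:ss] "; a warning starts with
# "Warning:" and its details follow on indented lines; the per-check summary
# lines are also indented but end in a status such as "[ Warning ]".
rkh_warnings() {
    awk '
        { line = $0; sub(/^\[[0-9:]+\] ?/, "", line) }      # drop the timestamp
        line ~ /^Warning:/ { print line; in_warn = 1; next }
        in_warn && line ~ /^ +[^ ]/ && line !~ / \[ [A-Za-z ]+ \] *$/ {
            sub(/^ +/, "    ", line)                         # normalise indent
            print line
            next
        }
        { in_warn = 0 }                                      # anything else ends the entry
    ' "${1:-/var/log/rkhunter.log}"   # usual Ubuntu location; see LOGFILE in rkhunter.conf
}

# Constructed sample log lines, for demonstration only.
sample_log() {
    cat <<'EOF'
[16:46:50]   Checking /dev for suspicious file types         [ Warning ]
[16:46:50] Warning: Suspicious file types found in /dev:
[16:46:50]          /dev/shm/pulse-shm-1234567890: data
[16:46:51]   Checking for hidden files and directories       [ Warning ]
[16:46:51] Warning: Hidden directory found: /dev/.udev
[16:46:51] Warning: Hidden file found: /dev/.initramfs
[16:46:52]   Checking for passwd file changes                [ None found ]
EOF
}

# Demonstration on the constructed sample.
sample_log | rkh_warnings -
```

On a real system, call `rkh_warnings` with no argument as root after a scan; each listed path can then be inspected with `ls -l` and `file` to decide whether it is a known false positive.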