[Rkhunter-users] False positives on FC5
From: Robin B. <rob...@ro...> - 2006-08-08 11:10:20
Hi,

I've just started using rkhunter, unfortunately just *after* getting root-kitted :(

Anyway, I find that I'm getting a false positive on Fedora Core 5:

    * Filesystem checks
      Checking /dev for suspicious files... [ OK ]
      Scanning for hidden files... [ Warning! ]
    ---------------
    /dev/.udev /usr/share/man/man1/..1.gz /etc/.pwd.lock
    ---------------
    Please inspect: /dev/.udev (directory) /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)

/dev/.udev appears to be a bona fide directory containing device info for the udev subsystem.

/usr/share/man/man1/..1.gz is from the bash RPM:

    # rpm -qf /usr/share/man/man1/..1.gz
    bash-3.1-6.2

.pwd.lock was an empty file - I've deleted it:

    -rw------- 1 root root 0 Apr 21 14:02 .pwd.lock

How would I go about modifying rkhunter to not report these files as +ve tests?

Thanks,
R.