
Bug#655175: rkhunter error message related?



We're getting a rkhunter error message on some of our servers; as
/run/initramfs is renamed to /dev/.initramfs in the initramfs init
script, I think this might be related:

[06:25:24]   Checking for hidden files and directories       [ Warning ]
[06:25:24] Warning: Hidden file found: /dev/.initramfs: setuid setgid
sticky directory

The permissions of /dev/.initramfs on the affected server:

root@iserv:~# LANG=C ls -ld /dev/.initramfs/
drwsrwsrwt 2 root root 40 Feb 16 09:16 /dev/.initramfs/

Of our 49 squeeze servers, 2 are affected. None of our 438 lenny servers
are affected, so I'd say this is a) a squeeze bug and b) pretty rare :)

If I can help in any way to track this down, tell me what I should look
for. In the meantime I will configure our rkhunters to ignore
/dev/.initramfs permissions.


