Bug#655175: rkhunter error message related?
We're getting a rkhunter error message on some of our servers; as
/run/initramfs is renamed to /dev/.initramfs in the initramfs init
script, I think this might be related:
[06:25:24] Checking for hidden files and directories [ Warning ]
[06:25:24] Warning: Hidden file found: /dev/.initramfs: setuid setgid
sticky directory
The permissions of /dev/.initramfs on the affected server:
root@iserv:~# LANG=C ls -ld /dev/.initramfs/
drwsrwsrwt 2 root root 40 Feb 16 09:16 /dev/.initramfs/
Of our 49 squeeze servers, 2 are affected. None of our 438 lenny servers
are affected, so I'd say this is a) a squeeze bug and b) pretty rare :)
If I can help in any way to track this down, tell me what is should look
for. In the meantime I will configure our rkhunters to ignore
/dev/.initramfs permissions.
Reply to: