
Re: Should I install chkrootkit?




On 06/08/2014 05:11 PM, Charles Kroeger wrote:

> next question: how does one see a 'hidden file' if one receives a
> warning in rkhunter about having two on your system? I can always
> delete /etc/.java and /etc/.fstab but what then? (why the 'dot' in
> front of the .java and .fstab)

The 'dot' at the start of the filename is how *nix systems traditionally
mark a "hidden file". Any filename beginning with a dot will be treated
as "hidden", and any filename not beginning with one won't.

To see them in a terminal, the command is

$ ls -a

but if you use a GUI for filesystem browsing et cetera, the way to see
such hidden files will almost certainly be specific to that GUI.

> Warning: Hidden directory found: '/etc/.java'
> Warning: Hidden file found: /etc/.fstab: ASCII text

The /etc/.java directory is a known common false-positive from rkhunter;
rkhunter properly detects that it's a hidden directory where one
theoretically shouldn't be, but that particular hidden directory can
often be automatically created for perfectly harmless reasons.

If you've looked at that directory and verified that it's what it should
be, and you want to tell rkhunter to ignore it in future, there should
be a commented-out line in the rkhunter config file (which I think is
/etc/rkhunter.conf) specifically to make that happen. I usually do that
myself, on the systems where I run rkhunter.

I haven't seen /etc/.fstab before, though. While I can't confirm it's a
problem, you might want to dig deeper on that one. (At least look at the
contents of the file and see how it compares to your in-use /etc/fstab.)

- --
   The Wanderer

Secrecy is the beginning of tyranny.

A government exists to serve its citizens, not to control them.


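The follow-up suggested in the message above (list the dot-entries, then compare a hidden file such as /etc/.fstab with its in-use counterpart), as an added example that is not part of the original message. The function names and the scratch directory standing in for /etc are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# compare_sibling HIDDEN_PATH
# Compares a hidden regular file with the same name minus the leading dot
# (e.g. /etc/.fstab vs /etc/fstab). Prints: identical | differs | no-sibling
compare_sibling() {
    hidden=$1
    dir=$(dirname -- "$hidden")
    base=$(basename -- "$hidden")
    sibling="$dir/${base#.}"
    if [ ! -f "$hidden" ] || [ ! -f "$sibling" ]; then
        echo no-sibling
    elif cmp -s "$hidden" "$sibling"; then
        echo identical
    else
        echo differs
    fi
}

# list_hidden DIR
# One line per dot-entry directly under DIR: "<kind> <path> <sibling status>"
list_hidden() {
    for p in "$1"/.[!.]* "$1"/..?*; do
        # An unmatched glob stays literal, so skip names that do not exist.
        [ -e "$p" ] || [ -L "$p" ] || continue
        if [ -L "$p" ]; then kind=link
        elif [ -d "$p" ]; then kind=dir
        elif [ -f "$p" ]; then kind=file
        else kind=other
        fi
        printf '%s %s %s\n' "$kind" "$p" "$(compare_sibling "$p")"
    done
}

# Constructed demo: a scratch directory stands in for /etc.
demo() {
    d=$(mktemp -d) || return 1
    printf '/dev/sda1 / ext4 defaults 0 1\n' > "$d/fstab"
    printf '/dev/sda1 / ext4 defaults 0 1\n/dev/sdb1 /mnt ext4 defaults 0 2\n' > "$d/.fstab"
    mkdir "$d/.java"
    list_hidden "$d"
    rm -rf "$d"
}
demo
```

On a real system, `list_hidden /etc` produces the same kind of listing; a `differs` result is the cue to read both files side by side with `diff`.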