Re: Should I install chkrootkit?
On 06/08/2014 05:11 PM, Charles Kroeger wrote:
> next question: how does one see a 'hidden file' if one receives a
> warning in rkhunter about having two on your system? I can always
> delete /etc/.java and /etc/.fstab but what then? (why the 'dot' in
> front of the .java and .fstab)
The 'dot' at the start of the filename is how *nix systems traditionally
mark a "hidden file". Any filename beginning with a dot will be treated
as "hidden", and any filename not beginning with one won't.
To see them in a terminal, the command is
$ ls -a
but if you use a GUI for filesystem browsing et cetera, the way to see
such hidden files will almost certainly be specific to that GUI.
> Warning: Hidden directory found: '/etc/.java'
> Warning: Hidden file found: /etc/.fstab: ASCII text
The /etc/.java directory is a known common false-positive from rkhunter;
rkhunter properly detects that it's a hidden directory where one
theoretically shouldn't be, but that particular hidden directory can
often be automatically created for perfectly harmless reasons.
If you've looked at that directory and verified that it's what it should
be, and you want to tell rkhunter to ignore it in future, there should
be a commented-out line in the rkhunter config file (which I think is
/etc/rkhunter.conf) specifically to make that happen. I usually do that
myself, on the systems where I run rkhunter.
I haven't seen /etc/.fstab before, though. While I can't confirm it's a
problem, you might want to dig deeper on that one. (At least look at the
contents of the file and see how it compares to your in-use /etc/fstab.)
Secrecy is the beginning of tyranny.
A government exists to serve its citizens, not to control them.
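The comparison suggested above for /etc/.fstab, as an added example that is not part of the original message: a shell function that lists the hidden entries directly under a directory and diffs each hidden file against its non-hidden namesake. The names `triage_hidden` and `demo` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Triage hidden entries directly under a directory (default: /etc).
# A hidden regular file with a same-named non-hidden sibling
# (e.g. .fstab next to fstab) is compared against that sibling.

triage_hidden() {
    dir=${1:-/etc}
    # -mindepth 1 skips the directory itself; -maxdepth 1 stays at the top level
    find "$dir" -mindepth 1 -maxdepth 1 -name '.*' | sort |
    while IFS= read -r path; do
        name=${path##*/}            # e.g. ".fstab"
        sibling="$dir/${name#.}"    # e.g. "/etc/fstab"
        if [ -L "$path" ]; then
            echo "LINK $path -> $(readlink "$path")"
        elif [ -d "$path" ]; then
            count=$(find "$path" -mindepth 1 | wc -l | tr -d ' ')
            echo "DIR  $path ($count entries)"
        elif [ -f "$path" ] && [ -f "$sibling" ]; then
            if cmp -s "$path" "$sibling"; then
                echo "FILE $path identical to $sibling"
            else
                echo "FILE $path DIFFERS from $sibling"
                # Indented unified diff: '+' lines exist only in the hidden copy
                diff -u "$sibling" "$path" | sed 's/^/    /'
            fi
        else
            echo "ITEM $path (no non-hidden counterpart to compare)"
        fi
    done
}

# Constructed sample tree standing in for /etc, so the script runs anywhere.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.java"
    printf '/dev/sda1 / ext4 defaults 0 1\n' > "$tmp/fstab"
    printf '/dev/sda1 / ext4 defaults 0 1\n/dev/sdb1 /mnt ext4 defaults 0 2\n' \
        > "$tmp/.fstab"
    triage_hidden "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real system, call `triage_hidden /etc` as root: an unreadable file makes `cmp` fail and is then reported as differing.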