rkhunter warning about /etc/.java /etc/.udev /etc/.initramfs
Basically ask Google, but those 3 are not dangerous!
/etc/.java is created by sun-java (and possibly also by OpenJDK)
/dev/.udev is created by the udevd daemon
/dev/.initramfs is, if I remember correctly, where the initial ram filesystem is mounted during the system boot process.
Author: yop83
Updated on September 17, 2022
Comments
-
yop83 over 1 year
I am running Ubuntu 10.04.1 LTS. I am running rkhunter to check for rootkits.
rkhunter is complaining about the following hidden files and directories. I think these files are not a real problem on my system, but how can I check to see if these files are legitimate files?
[07:57:45] Checking for hidden files and directories [ Warning ]
[07:57:45] Warning: Hidden directory found: /etc/.java
[07:57:45] Warning: Hidden directory found: /dev/.udev
[07:57:45] Warning: Hidden directory found: /dev/.initramfs
Update
Turns out that these directories are specifically mentioned in /etc/rkhunter.conf, which suggests that this is a frequently asked rkhunter question. From rkhunter.conf:
#
# Allow the specified hidden directories.
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
#ALLOWHIDDENDIR=/dev/.static
#ALLOWHIDDENDIR=/dev/.initramfs
#ALLOWHIDDENDIR=/dev/.SRC-unix
#ALLOWHIDDENDIR=/dev/.mdadm
-
Richard Holloway almost 14 years
+1 You get similar false positives in chkrootkit too. It is because rkhunter is set up to treat hidden directories as suspicious.
-
João Pimentel Ferreira over 2 years
uncomment or add the line
ALLOWHIDDENDIR=/etc/.java
in /etc/rkhunter.conf
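One way to triage these warnings against the ALLOWHIDDENDIR lines quoted in the question, as an added example that is not part of the original thread: the hypothetical function `classify_hidden_dirs` labels each hidden directory reported in an rkhunter log as already allowed, listed only as a commented-out suggestion, or not mentioned in the config at all. It assumes the log line format shown in the question and one directory per ALLOWHIDDENDIR line; `/dev/.example-unlisted` and the temporary file names are constructed sample data.

```shell
#!/bin/sh
# Classify each "Hidden directory found" warning in an rkhunter log against
# the ALLOWHIDDENDIR lines of rkhunter.conf:
#   allowed   - an active ALLOWHIDDENDIR line already covers it
#   suggested - only a commented-out ALLOWHIDDENDIR line mentions it
#   unknown   - the config does not mention it; inspect it by hand
# Usage: classify_hidden_dirs LOGFILE CONFFILE   (hypothetical helper)
classify_hidden_dirs() {
    awk '
        FILENAME == ARGV[1] {                  # first file: rkhunter.conf
            line = $0
            sub(/^[ \t]*/, "", line)
            commented = sub(/^#[ \t]*/, "", line)
            if (sub(/^ALLOWHIDDENDIR=/, "", line)) {
                sub(/[ \t]+$/, "", line)
                if (!commented) state[line] = "allowed"
                else if (!(line in state)) state[line] = "suggested"
            }
            next
        }
        /Warning: Hidden directory found: / {  # second file: rkhunter log
            dir = $0
            sub(/.*Warning: Hidden directory found: */, "", dir)
            sub(/[ \t]+$/, "", dir)
            if (!(dir in seen)) {              # report each directory once
                seen[dir] = 1
                verdict = (dir in state) ? state[dir] : "unknown"
                print verdict "\t" dir
            }
        }
    ' "$2" "$1"
}

# Constructed sample input: two log lines in the format quoted in the
# question plus one made-up directory that the config does not mention.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rkhunter.log" <<'EOF'
[07:57:45] Warning: Hidden directory found: /etc/.java
[07:57:45] Warning: Hidden directory found: /dev/.udev
[07:57:45] Warning: Hidden directory found: /dev/.example-unlisted
EOF
    cat > "$tmp/rkhunter.conf" <<'EOF'
ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
EOF
    classify_hidden_dirs "$tmp/rkhunter.log" "$tmp/rkhunter.conf"
    rm -rf "$tmp"
}
demo
```

A directory reported as `unknown` is the case worth a closer look before any ALLOWHIDDENDIR line is added for it.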