rkhunter showing false positives? Why .pwd.lock?
Roger Grosswiler
roger at gwch.net
Tue Apr 11 06:14:16 UTC 2006
Hey,
I sent this input today to rootkit.nl. Is rkhunter showing some false
positives?
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb /usr/share/man/man1/.avcrc /usr/share/man/man1/..1.gz
/usr/share/man/man8/.avcrc /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /usr/share/man/man1/.avcrc (data)
/usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)
/usr/share/man/man8/.avcrc (data)
I run version 1.2.8 from rkunter on a FC4-Server. Whilst i am sure, that
the .udevdb are false +, i ask myself why it creates the .pwd.lock
Roger
More information about the fedora-list
mailing list