strange directories

jack jdangler at terremark.com
Sat Oct 20 16:35:23 UTC 2007


On Sat, 2007-10-20 at 12:24 -0400, sktsee wrote:
> On Fri, 19 Oct 2007 17:24:30 -0400, jack wrote:
> 
> > I ran rkhunter this afternoon, and it asked me to check a few
> > directories, namely -
> > /etc/.pwd.lock
> > /etc/.java
> > /dev/.static
> > /dev/.udev
> > /dev/.initramfs
> > /dev/.initramfs-tools
> >
> > I'm trying to gather up info on these, since I'm not familiar with them.
> > /dev/.static is particularly disturbing, though, since it contains a
> > directory which essentially is a copy of all of /dev
> >
> > If anyone has some insight about these, I'd appreciate knowing...
> 
> I think the following is correct.
> /etc/.pwd.lock <--used to lock passwd file during use of adduser program
> /etc/.java     <--used by jvm to hold system wide java config when run by root
> /dev/.static   <--created by some init/udevd system initialization-foo
> /dev/.udev     <-- location of udev database of device nodes.
> /dev/.initramfs <--initramfs tracking of system boot progress for splash
> /dev/.initramfs-tools <--created by init script, but I don't know its purpose.
> 
> They're all legitimate system files/directories, though. You can tell
> rkhunter to stop flagging them by uncommenting their ALLOWHIDDEN lines in
> /etc/rkhunter.conf.
> 
> --
> sktsee
sktsee~
Wow! I was hoping for a little info - that's a trough load!  Thanks very
much for the info.  I'll check these further, and if they are all
benign, I'll add them to my rkhunter conf.

Jack
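
An added example, not part of the original thread: one way to do the "check these further" step before whitelisting, by vetting each hidden path and printing the matching `ALLOWHIDDENDIR` or `ALLOWHIDDENFILE` line only when it passes. The `vet_hidden` function, the `EXPECTED_UID` variable and the pass criteria (root-owned, not world-writable, not a symlink) are assumptions of this sketch, not rkhunter behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): vet a hidden path before whitelisting it.
# Assumptions: GNU stat (as on Ubuntu); "benign" here only means a regular file
# or directory owned by EXPECTED_UID (default 0 = root) and not world-writable.

# vet_hidden PATH
# Prints a candidate rkhunter.conf line and returns 0, or prints a REVIEW note
# and returns 1 when the path needs a manual look first.
vet_hidden() {
    p=$1
    want_uid=${EXPECTED_UID:-0}

    # Check for a symlink first: -d and -f follow links and would hide it.
    if [ -L "$p" ]; then
        echo "REVIEW $p: symlink"; return 1
    elif [ -d "$p" ]; then
        opt=ALLOWHIDDENDIR
    elif [ -f "$p" ]; then
        opt=ALLOWHIDDENFILE
    else
        echo "REVIEW $p: missing or special file"; return 1
    fi

    owner=$(stat -c %u "$p")   # numeric owner uid
    mode=$(stat -c %a "$p")    # octal permissions, e.g. 755 or 1777
    if [ "$owner" != "$want_uid" ]; then
        echo "REVIEW $p: owned by uid $owner, expected $want_uid"; return 1
    fi
    # A final octal digit of 2, 3, 6 or 7 means "other" has write permission.
    case $mode in
        *[2367]) echo "REVIEW $p: world-writable (mode $mode)"; return 1 ;;
    esac

    echo "$opt=$p"
}

# Stand-alone use: pass the paths rkhunter reported as arguments.
if [ "$#" -gt 0 ]; then
    for path in "$@"; do
        vet_hidden "$path" || true
    done
fi
```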




