rkhunter marks bootchart files as suspicious

Bug #1581860 reported by A. Mani on 2016-05-14
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rkhunter (Ubuntu)
Undecided
Unassigned

Bug Description

1. Rkhunter thinks many files in /dev/.bootchart are suspicious.
2. Takes lot more time to complete.

_______________________________________edited log___________________

# sudo rkhunter -c -sk
[ Rootkit Hunter version 1.4.2 ]

[11:54:47] Checking configuration file and command-line options...
[11:54:47] Info: Detected operating system is 'Linux'
[11:54:47] Info: Found O/S name: Ubuntu 16.04 LTS
[11:54:47] Info: Command line is /usr/bin/rkhunter -c -sk
[11:54:47] Info: Environment shell is /bin/bash; rkhunter is using dash
[11:54:47] Info: Using configuration file '/etc/rkhunter.conf'
[11:54:47] Info: Installation directory is '/usr'
[11:54:47] Info: Using language 'en'
[11:54:47] Info: Using '/var/lib/rkhunter/db' as the database directory
[11:54:47] Info: Using '/usr/share/rkhunter/scripts' as the support script directory

(skip)

[11:56:33] Info: SCAN_MODE_DEV set to 'THOROUGH'
[12:25:30] Checking /dev for suspicious file types
12:25:30] Checking /dev for suspicious file types [ Warning ]
[12:25:30] Warning: Suspicious file types found in /dev:
[12:25:30] /dev/.udev/rules.d/root.rules: ASCII text
[12:25:30] /dev/.bootchart/log/header: ASCII text
[12:25:30] /dev/.bootchart/log/proc_ps.log: ASCII text, with very long lines
[12:25:30] /dev/.bootchart/log/proc_diskstats.log: ASCII text
[12:25:30] /dev/.bootchart/log/proc_stat.log: ASCII text, with very long lines
[12:25:30] /dev/.bootchart/proc/bus/pci/00/00.0: data
[12:25:30] /dev/.bootchart/proc/bus/pci/00/00.2: data
[12:25:30] /dev/.bootchart/proc/bus/pci/00/01.0: data
[12:25:30] /dev/.bootchart/proc/bus/pci/00/04.0: dBase III DBT, version number 0, next free block index 336859170
[12:25:30] /dev/.bootchart/proc/bus/pci/00/11.0: data

(skip)

[12:25:30] /dev/.bootchart/proc/bus/pci/00/16.2: data
[12:25:30] /dev/.bootchart/proc/bus/pci/00/18.0: dBase III DBT, version number 0, next free block index 335548450

(skip)

[12:25:33] The system checks took: 30 minutes and 45 seconds
_________________________________________________________

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers