rkhunter complains about files shipped by Ubuntu
Bug #86153 reported by
Mikkel Høgh
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rkhunter (Ubuntu) |
Fix Released
|
Low
|
Marco Rodrigues |
Bug Description
Binary package hint: rkhunter
When running rkhunter on my (several) Ubuntu 6.06, I have found at least 4 files/dirs/symlinks shipped by Ubuntu itself that is found to be "suspicious" by rkhunter.
These are:
/lib/modules/
/dev/.static
/dev/.udev
/dev/.initramfs
Although it is easy to add these to the the allow-list in /etc/rkhunter.conf, it's annoying to have to do this on all your servers, so I think it would be sensible for Ubuntu to add these to the rkhunter.conf we ship.
Changed in rkhunter: | |
importance: | Undecided → Low |
status: | Confirmed → Fix Committed |
To post a comment you must log in.
I can confirm it. In edgy and feisty, the daily cronjob still always warns about:
Found warnings:
[07:38:24] WARNING, found: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory) /etc/.java (directory)