Home / server / Questions / 318232
Accepted
John Magnolia
Asked: 2011-10-05 00:06:52 +0800 CST

rkhunter error message, how to fix?

  • 772

I am receiving the following errors from rkhunter. I have recently upgraded my server from lenny to squeeze and this may have caused the problem. How do I fix this or hide the error messages?

Warning: The modules file '/proc/modules' is missing.
Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text
Warning: Hidden directory found: /dev/.udev

I also not get a second email: Please inspect this machine, because it may be infected. Please can anybody point me in the right direction to find the cause of these errors?

linux debian-squeeze rkhunter

1 Answers

  1. Best Answer

    First of all, they are only warnings, not errors.

    Warning: The modules file '/proc/modules' is missing.

    rkhunter is trying to check the kernel modules, but it cannot because the file /proc/modules doesn't exist. You can disable the test by changing the below line:

    DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"

    to:

    DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps os_specific"

    About the second warning:

    Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text

    If /dev/shm/network/ifstate is a known good file, you can white-list it by adding the following line in /etc/rkhunter.conf:

    ALLOWDEVFILE=/dev/shm/network/ifstate

    About the third line:

    Warning: Hidden directory found: /dev/.udev

    Similar to above, to avoid this warning, you can reconfigure rkhunter to ignore this directory:

    ALLOWHIDDENDIR=/dev/.udev
    • 14