I am running Ubuntu 10.04.1 LTS. I am running rkhunter to check for rootkits.
rkhunter is complaining about the following hidden files and directories. I think these files are not a real problem on my system, but how can I check to see if these files are legitimate files?
[07:57:45] Checking for hidden files and directories [ Warning ]
[07:57:45] Warning: Hidden directory found: /etc/.java
[07:57:45] Warning: Hidden directory found: /dev/.udev
[07:57:45] Warning: Hidden directory found: /dev/.initramfs
Update
Turns out that these directories are specifically mentioned in /etc/rkhunter.conf, which suggests that this is a frequently asked rkhunter question. From rkhunter.conf:
#
# Allow the specified hidden directories.
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
#ALLOWHIDDENDIR=/dev/.static
#ALLOWHIDDENDIR=/dev/.initramfs
#ALLOWHIDDENDIR=/dev/.SRC-unix
#ALLOWHIDDENDIR=/dev/.mdadm
Basically ask Google, but those 3 are not dangerous!
/etc/.java is created by sun-java (and possibly also by OpenJDK).
/dev/.udev is created by the udevd daemon.
/dev/.initramfs is, if I remember correctly, where the initial RAM filesystem is mounted during the system boot process.
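Added example (not part of the original question or answer, and not rkhunter's own code): a shell triage that compares the hidden-directory warnings in an rkhunter log with the ALLOWHIDDENDIR suggestions shipped in rkhunter.conf and separates expected names from ones that need a closer look. It assumes the log line format quoted in the question; the function names and the path /dev/.hypothetical are made up for illustration.

```shell
#!/bin/sh
# Constructed sample data: the warnings and config lines quoted on this page,
# plus one made-up path (/dev/.hypothetical) to exercise the REVIEW branch.
sample_log() {
cat <<'EOF'
[07:57:45] Checking for hidden files and directories [ Warning ]
[07:57:45] Warning: Hidden directory found: /etc/.java
[07:57:45] Warning: Hidden directory found: /dev/.udev
[07:57:45] Warning: Hidden directory found: /dev/.initramfs
[07:57:45] Warning: Hidden directory found: /dev/.hypothetical
EOF
}
sample_conf() {
cat <<'EOF'
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.initramfs
EOF
}

# Print the paths from "Hidden directory found:" warnings read on stdin.
hidden_dirs() {
    sed -n 's/^.*Warning: Hidden directory found: \(.*\)$/\1/p'
}

# Print the paths named by ALLOWHIDDENDIR lines (commented out or active).
known_dirs() {
    sed -n 's/^[[:space:]]*#*[[:space:]]*ALLOWHIDDENDIR=\(.*\)$/\1/p'
}

# triage LOGFILE CONFFILE: one output line per warned path.
# grep -Fx is a literal whole-line match, so a path that only shares a
# prefix with a suggested entry (e.g. .udev vs .udevdb) is not accepted.
triage() {
    known=$(known_dirs < "$2")
    hidden_dirs < "$1" | while IFS= read -r dir; do
        if printf '%s\n' "$known" | grep -Fxq -- "$dir"; then
            printf 'ALLOW  ALLOWHIDDENDIR=%s\n' "$dir"
        else
            printf 'REVIEW %s\n' "$dir"
        fi
    done
}

# Demo run on the constructed samples.
demo=$(mktemp -d)
sample_log > "$demo/log"; sample_conf > "$demo/conf"
triage "$demo/log" "$demo/conf"
rm -rf "$demo"
```

An ALLOW line only means the name is one the shipped config anticipates; listing the directory's contents before uncommenting the entry is still worthwhile.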