rkhunter warnings

Asked by prsn

Hello experts,

I'm running rkhunter on CentOS 6.4. After running the scan I got this warning. I searched online but couldn't find an answer. Is this something to worry about? If not, how can I bypass this warning in the rkhunter configuration file?

[21:10:14]   Checking /dev for suspicious file types         [ Warning ]
[21:10:14] Warning: Suspicious file types found in /dev:
[21:10:14]          /dev/md/md0.pid: ASCII text


deviprasad_s:

Dear prsn,

The udev daemon creates the files in the /dev directory, and it is the only daemon that does this in its latest incarnation.
The presence of txt files is legitimate.

These are device-specific files.

As you see, the files are linked to udev; see the test files in the figure I attached.

The only problem arises when your files are not linked to udev; then suspicious files exist.
/dev/md/md0.pid: ASCII text refers to some RAID device txt file, software RAID one.

Check whether it's linked to the udev daemon. If so, it's legitimate and there is no need to worry; your system is safe.

Otherwise,

upgrade your rkhunter software to the latest version and run the scan again.

The device files should be linked to udev; otherwise your system is somehow compromised.

[attachment: rootkit.JPG]
prsn (asker):
Hello deviprasad_s

Thanks for the fast response. My rkhunter version is 1.4.0, which is the latest. This is a recently installed CentOS system, so I'm sure it is not compromised. Is there a way to tell rkhunter to omit this file from the scan?

I searched /etc/rkhunter.conf but I couldn't find where to comment out this specific file.

Regards,
prsn
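The triage suggested in deviprasad_s's answer (work out what the flagged /dev entry actually is before deciding it is benign) and the asker's follow-up question (how to make rkhunter skip that one file) can both be put into a small runnable helper. The script below is an added example and is not code from rkhunter or from any post in this thread. It classifies a /dev entry as a device node, symlink or ordinary file, and for an ordinary .pid file checks whether the pid it holds belongs to a live process (the page says the file relates to a software RAID device, so the expected owner would be the RAID daemon); it then prints the rkhunter.conf line that whitelists exactly that path. ALLOWDEVFILE is rkhunter's own configuration directive for allowing a file under /dev; the function names and any sample files are this example's own constructions.

```shell
#!/bin/sh
# Triage helper for an rkhunter "Suspicious file types found in /dev" warning.
# Added example; not code from rkhunter or from any post in this thread.
# Function names are this example's own. ALLOWDEVFILE is the real rkhunter.conf
# directive that whitelists a path under /dev.

# classify_dev_entry PATH
#   Prints what kind of object sits at PATH. Device nodes and symlinks are the
#   normal content of /dev; an ordinary file there is what rkhunter reports.
classify_dev_entry() {
    if [ -L "$1" ]; then
        echo symlink
    elif [ -b "$1" ] || [ -c "$1" ]; then
        echo device-node
    elif [ -f "$1" ]; then
        echo regular-file
    elif [ -e "$1" ]; then
        echo other
    else
        echo missing
    fi
}

# pidfile_owner PIDFILE
#   Reads the pid stored in PIDFILE and prints the command name of that process
#   (from /proc), "running" if /proc is unavailable but the pid is alive,
#   "stale" if no such process exists, or "invalid" if the file holds no pid.
pidfile_owner() {
    pid=$(head -n 1 "$1" 2>/dev/null | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ -r "/proc/$pid/comm" ]; then
        cat "/proc/$pid/comm"
    elif kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# allowdevfile_line PATH
#   The rkhunter.conf directive that allows exactly this path, one line per
#   path, so the whitelist never widens beyond the file that was reviewed.
allowdevfile_line() {
    printf 'ALLOWDEVFILE=%s\n' "$1"
}

# triage PATH
#   Human-readable summary: what the entry is, who owns a pid file, and the
#   config line to add only if that owner is the daemon you expect.
triage() {
    kind=$(classify_dev_entry "$1")
    echo "$1: $kind"
    case "$kind" in
        regular-file)
            case "$1" in
                *.pid) echo "  pid file owner: $(pidfile_owner "$1")" ;;
            esac
            echo "  if this owner is the expected daemon, add to /etc/rkhunter.conf:"
            echo "  $(allowdevfile_line "$1")"
            ;;
        device-node|symlink)
            echo "  expected content of /dev; nothing to whitelist"
            ;;
    esac
}

# Usage on the path from the warning:   triage /dev/md/md0.pid
```

Whitelisting only the reviewed path, rather than the whole directory or a wildcard, keeps the check useful: a different ordinary file appearing in /dev later will still be reported.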
Accepted solution by deviprasad_s
prsn (asker):

Thanks for the feedback and recommendations.