prsn
asked on
rkhunter warnings
Hello experts,
I'm running rkhunter on CentOS 6.4. After running the scan I got this warning. I searched online but couldn't find an answer. Is this something to worry about? If not, how can I bypass this warning in the rkhunter configuration file?
[21:10:14] Checking /dev for suspicious file types [ Warning ]
[21:10:14] Warning: Suspicious file types found in /dev:
[21:10:14] /dev/md/md0.pid: ASCII text
ASKER
Hello deviprasad_s
Thanks for the fast response. My rkhunter version is 1.4.0, which is the latest. This is a recently installed CentOS OS, so I'm sure the system is not compromised. Is there a way to tell rkhunter to omit this file from the scan?
I searched in /etc/rkhunter.conf but I couldn't find where to comment out this specific file.
Regards,
prsn
ASKER CERTIFIED SOLUTION
ASKER
Thanks for the feedback and recommendations.
The udev daemon creates the files in the /dev directory, and in its latest incarnation it is the only daemon that does this.
The presence of text files is legitimate.
These are device-specific files.
As you see, the files are linked to udev (test files in the figure attached by me).
The only problem arises when your files are not linked to udev; then suspicious files exist.
/dev/md/md0.pid: ASCII text refers to some RAID device text file, software RAID one.
Check whether it's linked to the udev daemon. If so, it's legitimate and there is no need to worry; your system is safe.
Otherwise,
upgrade your rkhunter software to the latest version and run the scan again.
The device files should be linked to udev; otherwise your system is somehow compromised.
rootkit.JPG
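The asker wanted to know how to make rkhunter skip the file, and the answer above says to confirm the file is legitimate first. The following shell script is an added example, not code from the thread or from the rkhunter project: it triages a regular file that rkhunter reported under "Checking /dev for suspicious file types" (is it a device node, a world-writable file, or a plain PID file?) and then prints the line that suppresses the warning for that one path. The function names are mine and the sample files are constructed; `ALLOWDEVFILE` is the whitelist option documented in the comments of rkhunter.conf itself, so check the copy shipped with your version before relying on it.

```shell
#!/bin/sh
# Added example (not from the thread): triage a regular file that rkhunter reported
# under "Checking /dev for suspicious file types", then emit the rkhunter.conf line
# that whitelists it. Function names are mine; the sample files below are constructed.

# classify_dev_file PATH
# Prints a one-line verdict. Returns 0 when the path is a device node or looks like a
# harmless PID file (a single decimal number), 1 when it deserves a closer look,
# 2 when the path does not exist.
classify_dev_file() {
    f="$1"
    [ -e "$f" ] || { echo "missing: $f"; return 2; }

    # Block and character devices are what /dev is for; rkhunter does not flag these.
    if [ -b "$f" ] || [ -c "$f" ]; then
        echo "device-node: $f"
        return 0
    fi

    # Sockets, FIFOs, symlinks and directories also live in /dev legitimately;
    # this helper only judges regular files, which is what the warning is about.
    if [ ! -f "$f" ]; then
        echo "not-a-regular-file: $f"
        return 1
    fi

    # A world-writable regular file in /dev is a red flag regardless of content.
    if [ -n "$(find "$f" -perm -002 2>/dev/null)" ]; then
        echo "world-writable: $f"
        return 1
    fi

    # Read at most 64 bytes so a large or binary file cannot flood the terminal.
    content=$(head -c 64 "$f" | tr -d '\n\r ')
    case "$content" in
        ''|*[!0-9]*)
            echo "regular-file-not-a-pid: $f"
            return 1
            ;;
    esac

    # On Linux, /proc/<pid> tells us whether that process is still alive.
    if [ -d "/proc/$content" ]; then
        echo "pid-file: $f (pid $content, process running)"
    else
        echo "pid-file: $f (pid $content, no such process)"
    fi
    return 0
}

# whitelist_line PATH
# The rkhunter.conf directive that suppresses the /dev warning for one file.
# ALLOWDEVFILE is the option documented in rkhunter.conf; confirm it in your copy.
whitelist_line() {
    printf 'ALLOWDEVFILE=%s\n' "$1"
}

# Demo on constructed samples, so this runs without a real /dev/md/md0.pid.
demo_dir=$(mktemp -d)
printf '%s\n' 1234 > "$demo_dir/md0.pid"        # constructed PID file
printf 'not a pid\n' > "$demo_dir/odd.txt"       # constructed non-PID text file
classify_dev_file "$demo_dir/md0.pid" && whitelist_line "$demo_dir/md0.pid"
classify_dev_file "$demo_dir/odd.txt" || echo "  -> investigate before whitelisting"
rm -rf "$demo_dir"
```

Run it on the real path (`classify_dev_file /dev/md/md0.pid`) and add the printed `ALLOWDEVFILE=` line to /etc/rkhunter.conf only once you have also confirmed which daemon owns the file, as the answer above recommends: the whitelist tells rkhunter to ignore that path on every future run, so it should cover a file you understand, not one you merely want to stop seeing.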