Dimitri Yioulos
2012-05-07 17:22:37 UTC
Hello, all.
This morning, I upgraded to RKH 1.4.0 on one of my CentOS 5.9 boxes. I made
appropriate tweaks to rkhunter.conf, but am coming up with the following
warnings:
[09:15:12] Info: Starting test name 'filesystem'
[09:15:12] Performing filesystem checks
[09:15:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
[09:15:13] Checking /dev for suspicious file types [ Warning ]
[09:15:13] Warning: Suspicious file types found in /dev:
[09:15:13] /dev/.udev/db/***@printer@lp0: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda1: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda2: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda3: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda5: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda6: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda7: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda9: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda4: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda8: ASCII text
[09:15:13] /dev/.udev/db/***@sda@sda10: ASCII text
[09:15:13] /dev/.udev/db/***@usb_device@usbdev2.1: ASCII text
[09:15:13] /dev/.udev/db/***@sda: ASCII text
[09:15:14] /dev/.udev/db/***@hdc: ASCII text
[09:15:14] /dev/.udev/db/***@usb_device@usbdev1.1: ASCII text
[09:15:14] /dev/.udev/db/***@input@***@event1: ASCII text
[09:15:14] /dev/.udev/db/***@input@***@event2: ASCII text
[09:15:14] /dev/.udev/db/***@input@***@event0: ASCII text
[09:15:14] /dev/.udev/db/***@fd0: ASCII text
[09:15:14] /dev/.udev/db/***@ram0: ASCII text
[09:15:14] /dev/.udev/db/***@ram1: ASCII text
[09:15:14] /dev/.udev/db/***@input@***@mouse0: ASCII text
[09:15:14] /dev/.udev/db/***@misc@device-mapper: ASCII text
[09:15:14] /dev/.udev/db/***@input@mice: ASCII text
[09:15:14] /dev/.udev/uevent_seqnum: ASCII text
These are legitimate files. I've whitelisted the directory /dev/.udev/db, but
to no avail.
Can anyone please tell me how to suppress these warnings?
Thanks.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.