PDA

View Full Version : After running Rootkit Hunter Scan....

Jcorrea920
6th April 2006, 22:31
I have the Perfect set up with Fedora Core 4.
Apache 2.0.54
PHP 5.0
MySQL 4.1.16
ISPConfig 2.2.0

So my question is that after I run the rkhunter I am advised to inspect two hidden folders with hidden files inside of them.
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files...[ Warning! ]
---------------
/dev/.udevdb /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory)

What exactly am I looking for? How do I know if these are evil files or necessary for my system?
[postmaster@ccs02 ~]$ ls -la /dev/.udevdb
total 92
drwxr-xr-x 2 root root 500 Feb 16 11:14 .
drwxr-xr-x 10 root root 5000 Feb 16 11:15 ..
-rw-r--r-- 1 root root 21 Feb 16 03:14 block@fd0
-rw-r--r-- 1 root root 226 Feb 16 03:14 block@hda
-rw-r--r-- 1 root root 469 Feb 16 03:14 block@hda@hda1
-rw-r--r-- 1 root root 437 Feb 16 03:14 block@hda@hda2
-rw-r--r-- 1 root root 476 Feb 16 03:14 block@hda@hda3
-rw-r--r-- 1 root root 31 Feb 16 03:14 block@hdc
-rw-r--r-- 1 root root 38 Feb 16 03:14 block@hdd
-rw-r--r-- 1 root root 23 Feb 16 03:14 block@ram0
-rw-r--r-- 1 root root 19 Feb 16 03:14 block@ram1
-rw-r--r-- 1 root root 23 Feb 16 03:14 class@input@event0
-rw-r--r-- 1 root root 21 Feb 16 03:14 class@input@mice
-rw-r--r-- 1 root root 23 Feb 16 03:14 class@input@mouse0
-rw-r--r-- 1 root root 19 Feb 16 03:14 class@mem@null
-rw-r--r-- 1 root root 25 Feb 16 11:14 class@misc@device-mapper
-rw-r--r-- 1 root root 19 Feb 16 11:14 class@printer@lp0
-rw-r--r-- 1 root root 24 Feb 16 11:14 class@sound@controlC0
-rw-r--r-- 1 root root 23 Feb 16 03:14 class@sound@midiC0D0
-rw-r--r-- 1 root root 24 Feb 16 03:14 class@sound@pcmC0D0c
-rw-r--r-- 1 root root 24 Feb 16 03:14 class@sound@pcmC0D0p
-rw-r--r-- 1 root root 24 Feb 16 03:14 class@sound@pcmC0D1p
-rw-r--r-- 1 root root 24 Feb 16 03:14 class@sound@pcmC0D2p
-rw-r--r-- 1 root root 18 Feb 16 03:14 class@sound@seq
-rw-r--r-- 1 root root 21 Feb 16 03:14 class@sound@timer


[postmaster@ccs02 ~]$ ls -la /etc/.pwd.lock
-rw------- 1 root root 0 Sep 15 2005 /etc/.pwd.lock


Am I in big trouble or what?:confused:
falko
6th April 2006, 23:33
rkhunter is always complaining about those files/directories. Nothing to worry about. :)
Jcorrea920
7th April 2006, 00:56
Thanks for your help...:)