Fedora Users — rkhunter showing false positives? Why .pwd.lock?

rkhunter showing false positives? Why .pwd.lock?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: fedora-list@xxxxxxxxxx

Subject: rkhunter showing false positives? Why .pwd.lock?

From: "Roger Grosswiler" <roger@xxxxxxxx>

Date: Tue, 11 Apr 2006 08:14:16 +0200 (CEST)

Importance: Normal

Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

User-agent: SquirrelMail/1.4.6 [CVS]-0.cvs20050812.1.fc4

Hey,

I sent this input today to rootkit.nl. Is rkhunter showing some false
positives?

* Filesystem checks
   Checking /dev for suspicious files...   [ OK ]
   Scanning for hidden files...  [ Warning! ]
---------------
 /dev/.udevdb  /usr/share/man/man1/.avcrc /usr/share/man/man1/..1.gz
/usr/share/man/man8/.avcrc  /etc/.pwd.lock
---------------
Please inspect:  /dev/.udevdb (directory)  /usr/share/man/man1/.avcrc (data)
/usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)
/usr/share/man/man8/.avcrc (data)


I run version 1.2.8 from rkunter on a FC4-Server. Whilst i am sure, that
the .udevdb are false +, i ask myself why it creates the .pwd.lock

Roger