Hey, I sent this input today to rootkit.nl. Is rkhunter showing some false positives? * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /dev/.udevdb /usr/share/man/man1/.avcrc /usr/share/man/man1/..1.gz /usr/share/man/man8/.avcrc /etc/.pwd.lock --------------- Please inspect: /dev/.udevdb (directory) /usr/share/man/man1/.avcrc (data) /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /usr/share/man/man8/.avcrc (data) I run version 1.2.8 from rkunter on a FC4-Server. Whilst i am sure, that the .udevdb are false +, i ask myself why it creates the .pwd.lock Roger
