On Mon, 2006-05-01 at 15:23 -0400, Bob Goodwin wrote: > Gilboa Davara wrote: > > On Mon, 2006-05-01 at 08:16 -0700, Michael A. Peters wrote: > > > >> On Mon, 2006-05-01 at 10:16 -0400, Bob Goodwin wrote: > >> > >> > >>> Of course I'm not certain of the validity of either check when > >>> chkrootkit and rkhunter are installed "after the fact?" > >>> > >> I also have a /dev/.udev directory. > >> And I have /usr/share/man/man1/..1.gz - owned by bash. > >> > >> I don't have /etc/.java - but I did not install the java stuff on this > >> box. > >> > >> > > > > I'd suggest you use this patch. > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190248 > > > > Gilboa > > > Ok, I made the changes as specified there. > > It looks like it also wants "#ALLOWHIDDENDIR=/etc/.java" uncommented > also? If > that's a legitimate fix? > > ******************** result ******************************* > > Result rc.d files check [ OK ] > Checking history files > Bourne Shell [ OK ] > > * Filesystem checks > Checking /dev for suspicious files... [ OK ] > Scanning for hidden files... [ Warning! ] > --------------- > /dev/.udev /usr/share/man/man1/..1.gz /etc/.pwd.lock /etc/.java > --------------- > Please inspect: /dev/.udev (directory) /etc/.java (directory) > > ************************************************************ > > BobG > You'll need to add /dev/.udev, /etc/.java to ALLOWHIDDENDIR and /usr/share/man/man1/..1.gz, /etc/.pwd.lock to ALLOWHIDDENFILE Gilboa
