false positives on 12.04.1

Asked by Jonathan D

rkhunter, even after setting everything I can in the /etc/rkhunter.conf config file still reports

Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /dev/.blkid.tab: ASCII text
Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

running
3.2.0-34-generic #53-Ubuntu SMP Thu Nov 15 10:48:16 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

rkhunter:
Rootkit Hunter 1.3.8

Ubuntu 12.04.1 LTS

How do I fix this?

without a solution, I'm going to edit the crontab and grep out these errors.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu rkhunter Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jonathan D (dugan-ubuntulaunchpad) said :
#1

rebooting got rid of both .blkid.tab entries as per
https://answers.launchpad.net/ubuntu/+source/rkhunter/+question/98038

(IMO) with production servers, rebooting is not really an acceptable solution for this, it's a workaround, especially if they come back each time blkid is run.

still remaining are:
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

Revision history for this message
Jonathan D (dugan-ubuntulaunchpad) said :
#2

http://sourceforge.net/mailarchive/message.php?msg_id=28258565

another post about this bug from Oct 2011

Revision history for this message
N1ck 7h0m4d4k15 (nicktux) said :
#3

Yes , this is a known bug with rkhunter.. we cannot solve it here , developers will handle this..

Here is the bug : https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/219840

We cannot do much , just know that is a bug and is false alarm.

Thanks

P.S : Do not forget to hit the button "Yes it affects me" in the bug page. (it matters for the heat to go UP)

Can you help with this problem?

Provide an answer of your own, or ask Jonathan D for more information if necessary.

To post a message you must log in.