rkhunter Warning: Hidden file found: /dev/.blkid.tab: ASCII text

Asked by ubuntin

Hi!

Just recently, rkhunter found something hidden, I don't know what is it, I couldn't find anything on google able to explain it properly.

Warning: Hidden file found: /dev/.blkid.tab: ASCII text
Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text

Are these hidden files of any concern?
Are them legitimate Ubuntu system files, what are them?
What can I do to fix it?

Ubuntu 9.10 converted in Kubuntu.

Any help, will be very much appreciated,

Ubuntin.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu rkhunter Edit question
Assignee:
No assignee Edit question
Solved by:
Soul-Sing
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
#1

I don't have that file myself, you can open it to read the contents. /dev/ is a tempfs so will be lost on power off and reformed on reboot.

Revision history for this message
Soul-Sing (soulzing) said :
#2

this warning is very much related to bugs : https://bugs.edge.launchpad.net/ubuntu/+source/rkhunter/+bug/86153
: http://<email address hidden>/msg174435.html
So imho your not in any kind of troubles.

Revision history for this message
Best Soul-Sing (soulzing) said :
#3

a false positive.

Revision history for this message
ubuntin (sotoananda) said :
#4

Hello to all!

I want to thank you all for your prompt response, I scanned my system today with rkhunter and the Warning disappeared, I couldn't find any of the /dev/.blkid.tab: ASCII text files, either.

How weird???

Everything happened when on the 17th day of this month, I went to: Synaptic > Preferences > Columns and Fonts tab, checked the: Use custom application font and Use custom Terminal font option and changed the size of the fonts. Then I scanned the system as I do routinely and the Warning in question appeared.

You all with your wise comments helped to solve this issue, but to close this question I am going to click on the: "This Solved My Problem" link, for leoquant.

Thank you all, for your help.
ubuntin

Revision history for this message
ubuntin (sotoananda) said :
#5

Thanks leoquant, that solved my question.

Revision history for this message
Opuntia (kdelaney) said :
#6

To be explicit, the presence of the hidden files: /dev/.blkid.tab and/or /dev/.blkid.tab.old, means that you ran the "blkid" command, and did not subsequently reboot. No need for whitelisting in RKHunter. Just reboot your system and these files and RKHunter warnings will disappear !

Revision history for this message
Jonathan D (dugan-ubuntulaunchpad) said :
#7

This is not solved.

14.04.1 LTS

rebooting did not remove them.

adding

ALLOWDEVFILE="/dev/.blkid.tab"
ALLOWDEVFILE="/dev/.blkid.tab.old"

does not work, they still appear as false positives.

offering rebooting as a solution does not work - many situations rebooting is hard.

stating it's just "false positives" is also not a solution at all, it's still a huge problem. This package is a warning system. False positives mean users stop paying attention to the warnings, so the package completely doesn't work.

Why after years of using Ubuntu is RKHUNTER the package I'm constantly fscking with to make it work. It's not that hard, just whitelist files that come with the OS.

I still don't have a solution to this problem.

Revision history for this message
Soul-Sing (soulzing) said :
#8

This the best our community made about debugging rkhunter: https://help.ubuntu.com/community/RKhunter
The package is known for his false positives. The best solution after reading the wiki, to google the rkhunter warnings.
The package comes with a process: exim4. Not harmful, but stil a new service.

Revision history for this message
BJ (taylors2004) said :
#9

Add this to rkhunter.conf:

ALLOWHIDDENFILE="/dev/.blkid.tab"
ALLOWHIDDENFILE="/dev/.blkid.tab.old"

And the warnings go away.

Thanks.