How do I open this file in Ubuntu 7.10?


Riverrun
November 25th, 2007, 08:06 PM
I'm running Ubuntu 7.10 with the standard Gnome desktop.

While scanning with rkhunter I got the following warning:
Checking for hidden files and directories [ Warning ]
and the following advice:
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log

I think it's an FP related to some legitimate app.

When I went to open the file, I found that I could not! Phew!

Searched the web, found plenty of reference to /var/log/rkhunter.log but no instruction as to how to open it.

How would I open such a file?

Kerodo
November 25th, 2007, 08:11 PM
I would think you could open it with any of the standard text editors... Did you try Gedit?

Riverrun
November 25th, 2007, 08:17 PM
Tried gedit, didn't work.
Used: sudo gedit /var/log/rkhunter.log and that worked.

This is what it revealed:


[00:46:03] Checking for hidden files and directories [ Warning ]
[00:46:03] Warning: Hidden directory found: /etc/.java
[00:46:03] Warning: Hidden directory found: /dev/.static
[00:46:03] Warning: Hidden directory found: /dev/.udev
[00:46:03] Warning: Hidden directory found: /dev/.initramfs


I don't think it's anything to worry about but I'd like one of you Linux wizards to confirm this.

If it's an FP as I suspect is there a command that will whitelist it?

Kerodo
November 25th, 2007, 09:01 PM
My guess is there's nothing to worry about. There are many folders and files hidden in Linux. Any folder or directory can be hidden by putting a "." in front of it, and it's quite common to see a lot of them in your /home/username directory. Set your file browser to display hidden files and you'll see all of them.

clambermatic
November 25th, 2007, 09:55 PM
Via 'sudo' (or Terminal, input app name & click 'Tab' 2x in succession).... query rkHunter thru 'help/list' to see if it has other optional commands for tweaking (i.e. whitelisting) rkHunter. Or look for the included operation manual of rkHunter, if you downloaded it as a package, or go to rkHunter's site for that manual.

Based on your posted report.... the last three are Hunter's components, the first is associated with java. It was an FP!
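
On the whitelisting question, an added example that is not part of the original thread: rkhunter's configuration file accepts ALLOWHIDDENDIR entries, and the script below turns "Hidden directory found" log warnings into such entries only for directories already reviewed. The function names, the /tmp/.constructed-example path and the /etc/rkhunter.conf location mentioned in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build ALLOWHIDDENDIR lines from an rkhunter log, but only
# for hidden directories the administrator has reviewed and approved.

# propose_allowlist APPROVED_DIR...
# Reads an rkhunter log on stdin. Each distinct hidden-directory warning
# becomes an ALLOWHIDDENDIR line if its path was passed as an argument,
# otherwise a commented REVIEW line, so unknown paths stay reported.
propose_allowlist() {
    sed -n 's/^\[[0-9:]*] Warning: Hidden directory found: \(.*\)$/\1/p' |
    LC_ALL=C sort -u |
    while IFS= read -r dir; do
        verdict=review
        for ok in "$@"; do
            if [ "$dir" = "$ok" ]; then verdict=allow; fi
        done
        if [ "$verdict" = allow ]; then
            printf 'ALLOWHIDDENDIR=%s\n' "$dir"
        else
            printf '# REVIEW before allowing: %s\n' "$dir"
        fi
    done
}

# Constructed sample input: the warnings quoted in the thread plus one
# made-up path that nobody has reviewed.
sample_log() {
    cat <<'EOF'
[00:46:03] Checking for hidden files and directories [ Warning ]
[00:46:03] Warning: Hidden directory found: /etc/.java
[00:46:03] Warning: Hidden directory found: /dev/.static
[00:46:03] Warning: Hidden directory found: /dev/.udev
[00:46:03] Warning: Hidden directory found: /dev/.initramfs
[00:46:04] Warning: Hidden directory found: /tmp/.constructed-example
EOF
}

# Approve the four directories the thread judged benign; the output lines
# would be appended to rkhunter's config (assumed: /etc/rkhunter.conf).
sample_log | propose_allowlist /etc/.java /dev/.static /dev/.udev /dev/.initramfs
```

On a real system, feed it the log with `sudo cat /var/log/rkhunter.log | propose_allowlist ...` and re-run the scan after editing the configuration to confirm that only the approved paths stopped warning.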

Mrkvonic
November 26th, 2007, 04:05 AM
Hello,
You're cool. BTW, why would you wanna run it?
Do you have any reason to doubt your system might have been compromised?
Mrk

Riverrun
November 26th, 2007, 06:30 AM
Thanks for the confirmation, guys.

Mrkvonic: No reason at all to think that my system has been compromised, but I'm still very new to Linux, and though I've made the transition from Windows in a relatively painless way and after two months I feel very comfortable using Ubuntu, I'm still not sure how far I can trust it.

I have read that rootkits can be a problem in Linux and when I saw these results I was a little concerned.

Thinking about it last night, I came to the conclusion that it would be very difficult for a rootkit to gain entry.

Most of the software I'm using is canonical apart from Songbird, which I couldn't resist installing, buggy and all as it is. Hope Ubuntu add it to the canon when the final is released.

Where would the rootkit come from, I thought? I don't think that Ubuntu is vulnerable to drive-by exploits as Windows is. I doubt if the makers of Songbird have hidden anything in the package and besides (correct me if I'm wrong) Songbird is Open-Source.

I figured that there was nothing to worry about but I'm glad to have this opinion confirmed nonetheless.

Thanks, Guys.