How do I open this file in Ubuntu 7.10?

Discussion in 'other security issues & news' started by Riverrun, Nov 25, 2007.

Thread Status:
Not open for further replies.
  1. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I'm running Ubuntu 7.10 with the standard Gnome desktop.

    While scanning with rkhunter I got the following warning:Checking for hidden files and directories [ Warning ]
    and the following advise: All results have been written to the logfile (/var/log/rkhunter.log)
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log


    I think it's an FP related to some legitimate app.

    When I went to open the file, I found that I could not! Phew!

    Searched the web, found plenty of reference to /var/log/rkhunter.log but no instruction as to how to open it.

    How would I open such a file?
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I would think you could open it with any of the standard text edtitors... Did you try Gedit?
     
  3. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Tried gedit, didn't work.
    Used: sudo gedit /var/log/rkhunter.log and that worked.

    This is what it revealed:


    [00:46:03] Checking for hidden files and directories [ Warning ]
    [00:46:03] Warning: Hidden directory found: /etc/.java
    [00:46:03] Warning: Hidden directory found: /dev/.static
    [00:46:03] Warning: Hidden directory found: /dev/.udev
    [00:46:03] Warning: Hidden directory found: /dev/.initramfs


    I don't think it's anything to worry about but I'd like one of you Linux wizards to confirm this.

    If it's an FP as I suspect is there a command that will whitelist it?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    My guess is there's nothing to worry about. There are many folders and files hidden in Linux. Any folder or directory can be hidden by putting a "." in front of it, and it's quite common to see a lot of them in your /home/username directory.. Set your file browser to display hidden files and you'll see all of them.
     
  5. clambermatic

    clambermatic Registered Member

    Joined:
    Oct 10, 2007
    Posts:
    216
    Via 'sudo' (or Terminal, input app name & click 'Tab' 2x in successions).... query rkHunter thru 'help/list' to see if it had other optional commands for tweaking (ie. whitelisting) rkHunter. Or look for the included operation-manual of rkHunter, if you downloaded it as a package or goto rkHunter's site for that manual.

    Base on your posted report.... the last three are Hunter's components, the first is associated with java. It was an FP!
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    You're cool. BTW, why would you wanna run it?
    Do you have any reason to doubt your system might have been compromised?
    Mrk
     
  7. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Thanks for the confirmation, guys.

    Mrkovich: No reason at all to think that my system has been compromised but I'm still very new to Linux and though I've made the transition from windows in a relatively painless way and after two months I feel very comfortable using Ubuntu, nevertheless I'm still not sure how far I can thrust it.

    I have read that rootkits can be problem in Linux and when I saw these results I was a little concerned.

    Thinking about it last night, I came to the conclusion that it would be very difficult for a rootkit to gain entry.

    Most of the software I'm using is cannonical apart from Songbird, which I couldn't resist installing, buggy and all as it is. Hope Ubuntu add it to the canon when the final is released.

    Where would the rootkit come from, I thought? I don't think that Ubuntu is vulnerable to drive-by exploits as Windows is. I doubt if the makers of Songbird have hidden anything in the package and besides (correct me if I'm wrong) Songbird is Open-Source.

    I figured that there was nothing to worry about but I'm glad to have this opinion confirmed nonetheless.

    Thanks, Guys.
     
Loading...
Thread Status:
Not open for further replies.