Running rkhunter for the first time

[smolloy]

I just installed and ran rkhunter, and I got a result I'm a little unsure about. During the filesystem check it said that it was checking for hidden files and it told me to inspect /dev/.udev.

I had a look around inside it and didn't find anything suspicious, but then what would I know! I've tried to post what I found here, but for some dumb reason copy and paste by clicking both mouse buttons has decided to stop working

Anyway -- does anyone have any ideas about the rkhunter output?

[fingal]

It's probably not much to worry about. To copy and paste are you able to highlight the output and select 'Copy' as a menu option from the top of the Bash environment (I'm assuming Bash ... maybe you prefer Sh?)

rkhunter is quite good at producing alarming output ... Actually it's very useful and can highlight system vulnerabilities you wouldn't otherwise know about ... but it can also scare the pants of you.

You might try pasting some of the output into Google between a " " to see if that provides illumination.

[devils casper]

During the filesystem check it said that it was checking for hidden files and it told me to inspect /dev/.udev

same warning message in my box. there are two more folders listed having name starting with dot.
i checked /dev folder but nothing was suspicious and i ignored these warnings. i am not in Linux box right now. i will check it again. do let me know if you find any info regarding this. i will also google about it.



Casper

[Dapper Dan]

I'm with fingal and devils_casper on this, nothing to worry about. I get that one too along with other hidden files in /etc and /dev. I check them from time to time and they are just empty files with no text. Another thing about RKhunter: No matter how up to date my openssl is, it always shows that it as vulnerable! Haven't figured that one out yet. RKHunter is a great Linux app.

[fingal]

Another thing about RKhunter: No matter how up to date my openssl is, it always shows that it as vulnerable! Haven't figured that one out yet. RKHunter is a great Linux app.

Ah! Now that really is interesting ... I get the same message about OpenSSL and it had been worrying me! Now I'm not worried, so I'm pleased I read this.

[smolloy]

Thanks guys. It's good to know that all's safe and sound with my server!

[Thrillhouse]

While we're on the subject, I get a bunch of bad MD5 checksums on my system tools, 23 out of 52 in fact, when running rkhunter. I didn't think it would be a big deal but is there something I should do about them? I tried running rkhunter --update but that didn't seem to do much. I've looked around the internet for the same problem and it seems like some people have encountered it but just don't do anything about it. So should I just ignore them?