Package: rkhunter Version: 1.4.0-3 Severity: normal Dear Maintainer, I'm getting daily rkhunter cron jobs reports with the message:
""" Warning: Hidden directory found: /dev/.lxc """ AFAIN I have just beeing updating the system, I've checked the config files but I haven't found any ALLOWDEVS ... or ALLOWHIDDEN... with that directory name in it (no hint). IHMO if that's normal it should not be a warning. Thanks in advance! xiscu -- System Information: Debian Release: jessie/sid Architecture: amd64 (x86_64) Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.24.51.20140903-1 ii debconf [debconf-2.0] 1.5.53 ii file 1:5.19-2 ii net-tools 1.60-26 ii perl 5.20.0-6 ii ucf 3.0030 Versions of packages rkhunter recommends: ii curl 7.38.0-1 ii exim4-daemon-light [mail-transport-agent] 4.84-2 ii iproute 1:3.16.0-2 ii lsof 4.86+dfsg-1 ii unhide 20121229-1 ii wget 1.15-1+b1 Versions of packages rkhunter suggests: pn bsd-mailx | mailutils | heirloom-mailx | mailx <none> pn libdigest-whirlpool-perl <none> ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 ii powermgmt-base 1.31+nmu1 ii tripwire 2.4.2.2-4 -- Configuration Files: /etc/default/rkhunter changed: CRON_DAILY_RUN="yes" CRON_DB_UPDATE="yes" DB_UPDATE_EMAIL="false" REPORT_EMAIL="root" APT_AUTOGEN="" NICE="0" RUN_CHECK_ON_BATTERY="false" /etc/rkhunter.conf changed: ROTATE_MIRRORS=1 UPDATE_MIRRORS=1 MIRRORS_MODE=0 MAIL-ON-WARNING="" MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" TMPDIR=/var/lib/rkhunter/tmp DBDIR=/var/lib/rkhunter/db SCRIPTDIR=/usr/share/rkhunter/scripts UPDATE_LANG="" LOGFILE=/var/log/rkhunter.log APPEND_LOG=0 COPY_LOG_ON_ERROR=0 COLOR_SET2=0 AUTO_X_DETECT=1 WHITELISTED_IS_WHITE=0 ALLOW_SSH_ROOT_USER=no ALLOW_SSH_PROT_V1=0 ENABLE_TESTS="all" DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps" SCRIPTWHITELIST=/bin/egrep SCRIPTWHITELIST=/bin/fgrep SCRIPTWHITELIST=/bin/which SCRIPTWHITELIST=/usr/bin/groups SCRIPTWHITELIST=/usr/bin/ldd SCRIPTWHITELIST=/usr/bin/lwp-request SCRIPTWHITELIST=/usr/sbin/adduser SCRIPTWHITELIST=/usr/sbin/prelink IMMUTABLE_SET=0 PHALANX2_DIRTEST=0 ALLOWDEVFILE="/dev/shm/pulse-shm-*" ALLOW_SYSLOG_REMOTE_LOGGING=0 SUSPSCAN_TEMP=/dev/shm SUSPSCAN_MAXSIZE=10240000 SUSPSCAN_THRESH=200 USE_LOCKING=0 LOCK_TIMEOUT=300 SHOW_LOCK_MSGS=1 DISABLE_UNHIDE=0 INSTALLDIR="/usr" -- debconf information: rkhunter/cron_db_update: yes rkhunter/apt_autogen: rkhunter/cron_daily_run: yes _______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel