Re: understanding chkrootkit and rkhunter logs

About /lib/init/rw/.ramfs: I also suffer from daily false-positive mails.
Seems like it's a bad behavior which should be fixed...

- Oren

I'm sorry for asking a totally newbie question but I haven't found an
answer to this. I'm really curious and concerned about what is reported by
the chkrootkit and rkhunter on my Debian Etch home server.

Here's what I get when I run them:


Searching for suspicious files and dirs, it may take a while...

Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[2181])

In the system mail I also get this:

The following suspicious files and directories were found:

eth0: PACKET SNIFFER(/sbin/dhclient[2136])

RKHUNTER reports this:

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning!
/etc/.pwd.lock /dev/.static
Please inspect: /dev/.static (directory) /dev/.udev (directory)
/dev/.initramfs (directory)

Is this something to be worried about? How can I investigate further into
these two issues?


Relevant Pages