After running Rootkit Hunter Scan....

Discussion in 'General' started by Jcorrea920, Apr 6, 2006.

  1. Jcorrea920

    Jcorrea920 New Member

    I have the Perfect set up with Fedora Core 4.
    Apache 2.0.54
    PHP 5.0
    MySQL 4.1.16
    ISPConfig 2.2.0

    So my question is that after I run the rkhunter I am advised to inspect two hidden folders with hidden files inside of them.
    What exactly am I looking for? How do I know if these are evil files or necessary for my system?
    Code:
    [[email protected] ~]$ ls -la /dev/.udevdb
    total 92
    drwxr-xr-x   2 root root  500 Feb 16 11:14 .
    drwxr-xr-x  10 root root 5000 Feb 16 11:15 ..
    -rw-r--r--   1 root root   21 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root  226 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root  469 Feb 16 03:14 [email protected]@hda1
    -rw-r--r--   1 root root  437 Feb 16 03:14 [email protected]@hda2
    -rw-r--r--   1 root root  476 Feb 16 03:14 [email protected]@hda3
    -rw-r--r--   1 root root   31 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root   38 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root   23 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root   19 Feb 16 03:14 [email protected]
    -rw-r--r--   1 root root   23 Feb 16 03:14 [email protected]@event0
    -rw-r--r--   1 root root   21 Feb 16 03:14 [email protected]@mice
    -rw-r--r--   1 root root   23 Feb 16 03:14 [email protected]@mouse0
    -rw-r--r--   1 root root   19 Feb 16 03:14 [email protected]@null
    -rw-r--r--   1 root root   25 Feb 16 11:14 [email protected]@device-mapper
    -rw-r--r--   1 root root   19 Feb 16 11:14 [email protected]@lp0
    -rw-r--r--   1 root root   24 Feb 16 11:14 [email protected]@controlC0
    -rw-r--r--   1 root root   23 Feb 16 03:14 [email protected]@midiC0D0
    -rw-r--r--   1 root root   24 Feb 16 03:14 [email protected]@pcmC0D0c
    -rw-r--r--   1 root root   24 Feb 16 03:14 [email protected]@pcmC0D0p
    -rw-r--r--   1 root root   24 Feb 16 03:14 [email protected]@pcmC0D1p
    -rw-r--r--   1 root root   24 Feb 16 03:14 [email protected]@pcmC0D2p
    -rw-r--r--   1 root root   18 Feb 16 03:14 [email protected]@seq
    -rw-r--r--   1 root root   21 Feb 16 03:14 [email protected]@timer
    
    Code:
    [[email protected] ~]$ ls -la /etc/.pwd.lock
    -rw-------  1 root root 0 Sep 15  2005 /etc/.pwd.lock
    
    Am I in big trouble or what?:confused:
     
  2. falko

    falko Super Moderator ISPConfig Developer

    rkhunter is always complaining about those files/directories. Nothing to worry about. :)
     
  3. Jcorrea920

    Jcorrea920 New Member

    Thanks for your quick response

    Thanks for your help...:)
     

Share This Page