I have the Perfect set up with Fedora Core 4. Apache 2.0.54 PHP 5.0 MySQL 4.1.16 ISPConfig 2.2.0 So my question is that after I run the rkhunter I am advised to inspect two hidden folders with hidden files inside of them. What exactly am I looking for? How do I know if these are evil files or necessary for my system? Code: [[email protected] ~]$ ls -la /dev/.udevdb total 92 drwxr-xr-x 2 root root 500 Feb 16 11:14 . drwxr-xr-x 10 root root 5000 Feb 16 11:15 .. -rw-r--r-- 1 root root 21 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 226 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 469 Feb 16 03:14 [email protected]@hda1 -rw-r--r-- 1 root root 437 Feb 16 03:14 [email protected]@hda2 -rw-r--r-- 1 root root 476 Feb 16 03:14 [email protected]@hda3 -rw-r--r-- 1 root root 31 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 38 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 23 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 19 Feb 16 03:14 [email protected] -rw-r--r-- 1 root root 23 Feb 16 03:14 [email protected]@event0 -rw-r--r-- 1 root root 21 Feb 16 03:14 [email protected]@mice -rw-r--r-- 1 root root 23 Feb 16 03:14 [email protected]@mouse0 -rw-r--r-- 1 root root 19 Feb 16 03:14 [email protected]@null -rw-r--r-- 1 root root 25 Feb 16 11:14 [email protected]@device-mapper -rw-r--r-- 1 root root 19 Feb 16 11:14 [email protected]@lp0 -rw-r--r-- 1 root root 24 Feb 16 11:14 [email protected]@controlC0 -rw-r--r-- 1 root root 23 Feb 16 03:14 [email protected]@midiC0D0 -rw-r--r-- 1 root root 24 Feb 16 03:14 [email protected]@pcmC0D0c -rw-r--r-- 1 root root 24 Feb 16 03:14 [email protected]@pcmC0D0p -rw-r--r-- 1 root root 24 Feb 16 03:14 [email protected]@pcmC0D1p -rw-r--r-- 1 root root 24 Feb 16 03:14 [email protected]@pcmC0D2p -rw-r--r-- 1 root root 18 Feb 16 03:14 [email protected]@seq -rw-r--r-- 1 root root 21 Feb 16 03:14 [email protected]@timer Code: [[email protected] ~]$ ls -la /etc/.pwd.lock -rw------- 1 root root 0 Sep 15 2005 /etc/.pwd.lock Am I in big trouble or what?