Bug#626218: Warning: Hidden directory found: /etc/.java from sun-java6-bin.postinst

Jayen Ashar j__n at yahoo.com
Tue May 10 23:30:41 UTC 2011


Sorry about that.  I had a few warnings out of the box, that after
verifying they were all from signed packages from signed repositories, I
got annoyed and opened this bug report.  I didn't realise how many
scripts I would have to go through to recognise these as false positives.

I wish rkhunter would check known false positives by checking which
packages are installed, comparing md5sums, package/repository
signatures, etc.  I realise that an advanced rootkit targeting
debian-rkhunter could fake all of these, but if it's targeting
debian-rkhunter, we're pretty screwed anyway.

--Jayen

On 10/05/11 11:28, Julien Valroff wrote:
> Le mardi 10 mai 2011 à 02:02:15 (+0200 CEST), Jayen Ashar a écrit :
>> Package: rkhunter
>> Version: 1.3.6-5
>> Severity: normal
>>
>> After installing sun-java6-bin, rkhunter reports:
>> Warning: Hidden directory found: /etc/.java
> 
> Comment out the related entry in /etc/rkhunter.conf if you are sure this
> directory is safe.
> 
> This is not a problem, neither in rkhunter, nor in sun-java6-bin, hence
> closing this bug.
> 
> Cheers,
> Julien
> 






More information about the forensics-devel mailing list