Bug#762877: Warning: Hidden directory found: /dev/.lxc
xiscu
xiscu at email.de
Thu Sep 25 20:52:00 UTC 2014
Package: rkhunter
Version: 1.4.0-3
Severity: normal
Dear Maintainer,
I'm getting daily rkhunter cron job reports with the message:
"""
Warning: Hidden directory found: /dev/.lxc
"""
AFAIK I have just been updating the system, I've checked
the config files but I haven't found any ALLOWDEVS ... or
ALLOWHIDDEN... with that directory name in it (no hint).
IMHO if that's normal it should not be a warning.
Thanks in advance!
xiscu
-- System Information:
Debian Release: jessie/sid
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.24.51.20140903-1
ii debconf [debconf-2.0] 1.5.53
ii file 1:5.19-2
ii net-tools 1.60-26
ii perl 5.20.0-6
ii ucf 3.0030
Versions of packages rkhunter recommends:
ii curl 7.38.0-1
ii exim4-daemon-light [mail-transport-agent] 4.84-2
ii iproute 1:3.16.0-2
ii lsof 4.86+dfsg-1
ii unhide 20121229-1
ii wget 1.15-1+b1
Versions of packages rkhunter suggests:
pn bsd-mailx | mailutils | heirloom-mailx | mailx <none>
pn libdigest-whirlpool-perl <none>
ii liburi-perl 1.64-1
ii libwww-perl 6.08-1
ii powermgmt-base 1.31+nmu1
ii tripwire 2.4.2.2-4
-- Configuration Files:
/etc/default/rkhunter changed:
CRON_DAILY_RUN="yes"
CRON_DB_UPDATE="yes"
DB_UPDATE_EMAIL="false"
REPORT_EMAIL="root"
APT_AUTOGEN=""
NICE="0"
RUN_CHECK_ON_BATTERY="false"
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=""
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG=""
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COPY_LOG_ON_ERROR=0
COLOR_SET2=0
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=0
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
IMMUTABLE_SET=0
PHALANX2_DIRTEST=0
ALLOWDEVFILE="/dev/shm/pulse-shm-*"
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
USE_LOCKING=0
LOCK_TIMEOUT=300
SHOW_LOCK_MSGS=1
DISABLE_UNHIDE=0
INSTALLDIR="/usr"
-- debconf information:
rkhunter/cron_db_update: yes
rkhunter/apt_autogen:
rkhunter/cron_daily_run: yes