Last Updated on December 8, 2010 by Till Brehm
When you run rkhunter on Debian Linux, you might get a warning while rkhunter is checking for hidden files and directories that some hidden files were found in /proc. A closer investigation in rkhunter might bring up the filenames /dev/.static, /dev/.udev and /dev/.initramfs, which are normal files on Debian and not related to an attack on your system. The warnings in rkhunter.log are:
[10:21:40] Warning: Hidden directory found: /dev/.static
[10:21:40] Warning: Hidden directory found: /dev/.udev
[10:21:40] Warning: Hidden directory found: /dev/.initramfs
To avoid these warnings, you can reconfigure rkhunter to ignore these files by editing the rkhunter.conf file:
vi /etc/rkhunter.conf
and remove the # in front of the following lines:
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.initramfs
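As an added example (not part of the original article or of rkhunter itself), the shell functions below make the same edit non-interactively for exactly the listed directories and then report any hidden-directory warnings in the log that the active ALLOWHIDDENDIR lines still do not cover. The function names, the sample file contents and the path /dev/.example are constructed for illustration.

```shell
#!/bin/sh
# Added example; file contents and /dev/.example are constructed samples.

# Uncomment "#ALLOWHIDDENDIR=<path>" for the exact paths given, nothing else.
# Usage: enable_allowhiddendir CONF PATH...
enable_allowhiddendir() {
    conf=$1; shift
    for dir in "$@"; do
        awk -v want="ALLOWHIDDENDIR=$dir" '{
            line = $0
            sub(/[ \t]+$/, "", line)                 # ignore trailing blanks
            if (sub(/^[ \t]*#[ \t]*/, "", line) && line == want) print want
            else print $0
        }' "$conf" > "$conf.tmp" &&
        cat "$conf.tmp" > "$conf" &&                 # keep owner and mode
        rm -f "$conf.tmp"
    done
}

# Print directories named in "Hidden directory found" warnings in LOG that
# no active (uncommented) ALLOWHIDDENDIR line in CONF covers.
# Usage: uncovered_hidden_dirs LOG CONF
uncovered_hidden_dirs() {
    sed -n 's/^.*Warning: Hidden directory found: //p' "$1" | sort -u |
    while IFS= read -r dir; do
        grep -qxF -e "ALLOWHIDDENDIR=$dir" "$2" || printf '%s\n' "$dir"
    done
}

# Demo on constructed copies of the two files (never the live ones).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#ALLOWHIDDENDIR=/etc/.java' '#ALLOWHIDDENDIR=/dev/.udev' \
        '#ALLOWHIDDENDIR=/dev/.static' '#ALLOWHIDDENDIR=/dev/.initramfs' \
        > "$tmp/rkhunter.conf"
    printf '[10:21:40] Warning: Hidden directory found: %s\n' \
        /dev/.static /dev/.udev /dev/.initramfs /dev/.example \
        > "$tmp/rkhunter.log"
    enable_allowhiddendir "$tmp/rkhunter.conf" \
        /dev/.udev /dev/.static /dev/.initramfs
    uncovered_hidden_dirs "$tmp/rkhunter.log" "$tmp/rkhunter.conf"
    rm -rf "$tmp"
}
demo
```

Anything uncovered_hidden_dirs prints is a hidden directory that has not been explicitly accepted and should be looked at before it is added to the configuration.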