Rkhunter and suspicious files


soidog
05-27-2006, 05:22 PM
I manually ran rkhunter and this appeared in the log file:
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev.tdb /etc/.pwd.lock
/etc/.java
---------------

Are these files not supposed to be there? Or is it dangerous to leave them there?

SoiDog...
P.S. I posted this in the wrong forum :o

Daniel
05-28-2006, 12:29 PM
Hi soidog,

I'm just going to go down the list and let you know what all of those files are for:

/dev/.udev.tdb - This is the udev database, it should be there.

/etc/.pwd.lock - This is a password locking file.

/etc/.java - Java configuration files are here, I believe.


It'll be fine if you keep all of them :)

Daniel

soidog
05-28-2006, 12:41 PM
Ok, thanks.

Is it normal that rkhunter warns you about these files?

SoiDog...

Daniel
05-28-2006, 12:44 PM
Of course it doesn't happen often, but some software can spit out some false positives. Just like spam filters, nothing is perfect, but yes, those are some common false positives with rkhunter. At least you know it's looking for things though. :)

soidog
05-28-2006, 02:02 PM
Ok.
Thanks for letting me know.

SoiDog...

propcgamer
06-01-2006, 10:21 PM
It also doesn't hurt to open those files with pico or vi and make sure they really are what they should be.
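
Checking that a flagged hidden path is what it should be can start with its metadata before opening it in an editor. The script below is an added example, not part of the original thread and not rkhunter's own code; the function name `check_hidden`, the PATH:KIND argument format, the root-owner default and the use of `stat -c` (GNU or busybox) are assumptions.

```shell
#!/bin/sh
# Added example: metadata triage for hidden paths that rkhunter flagged.
# check_hidden PATH KIND [OWNER]
#   KIND  f = regular file, d = directory (what you expect the path to be)
#   OWNER expected owner name (assumed default: root)
# Prints one verdict line. Returns 0 if nothing looks off, 1 if suspect.
check_hidden() {
    ch_path=$1 ch_kind=$2 ch_owner=${3:-root}
    # Test for a symlink first: -f and -d would follow it silently.
    if [ -L "$ch_path" ]; then
        echo "SUSPECT $ch_path: symlink"; return 1
    fi
    if [ ! -e "$ch_path" ]; then
        echo "ABSENT  $ch_path"; return 0
    fi
    case $ch_kind in
        f) [ -f "$ch_path" ] || { echo "SUSPECT $ch_path: not a regular file"; return 1; } ;;
        d) [ -d "$ch_path" ] || { echo "SUSPECT $ch_path: not a directory"; return 1; } ;;
        *) echo "usage: check_hidden PATH f|d [OWNER]" >&2; return 2 ;;
    esac
    # stat -c assumed: %U owner name, %a octal mode, %s size in bytes.
    set -- $(stat -c '%U %a %s' "$ch_path")
    ch_mode=$((0$2))
    if [ "$1" != "$ch_owner" ]; then
        echo "SUSPECT $ch_path: owner $1, expected $ch_owner"; return 1
    fi
    if [ $((ch_mode & 0002)) -ne 0 ]; then
        echo "SUSPECT $ch_path: world-writable (mode $2)"; return 1
    fi
    if [ $((ch_mode & 06000)) -ne 0 ]; then
        echo "SUSPECT $ch_path: setuid/setgid bit set (mode $2)"; return 1
    fi
    # Lock files, databases and config files have no reason to be executable.
    if [ "$ch_kind" = f ] && [ $((ch_mode & 0111)) -ne 0 ]; then
        echo "SUSPECT $ch_path: executable (mode $2)"; return 1
    fi
    echo "OK      $ch_path: $ch_owner, mode $2, $3 bytes"
}

# Command-line use: each argument is PATH:KIND, e.g. /etc/.pwd.lock:f
for ch_arg in "$@"; do
    check_hidden "${ch_arg%:*}" "${ch_arg##*:}" || ch_failed=1
done
[ -z "${ch_failed:-}" ]
```

An OK line only means the metadata is unremarkable; the size it prints tells you how much there is to read when you do open the file.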