rkhunter has put two warning messages in my mail this morning.
The first says:
Please inspect this machine, because it may be infected.
The second:
Warning: Suspicious file types found in /dev:
/dev/shm/sem.ADBE_REL_jayell: data
/dev/shm/sem.ADBE_WritePrefs_jayell: data
/dev/shm/sem.ADBE_ReadPrefs_jayell: data
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
=============================================================
Each file consists of 16 bytes, similar to this:
00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
I think they may be something to do with Adobe Reader, which had an
update yesterday; rkhunter had not found these files previously. I had
to edit preferences in Reader as my previous settings didn't seem
to have carried over.
Is it anything I need to worry about and, if not, how can I get rkhunter
to accept the files as OK?
I have used rkhunter --propupd in the past when it has found things like
the following:
Warning: The file properties have changed:
File: /usr/bin/ldd
Current inode: 81675 Stored inode: 202828
Current file modification time: 1239099122
Stored file modification time : 1237158934
but am not sure if this is the correct way to deal with this sort of
problem.
I think ldd is provided by libc6, which also had a recent update. Since
I am running sid, pretty well every package installed on my system has
been updated since lenny went 'live'.
--
John Lewis
using Debian Sid with windowmaker for a nicer desktop
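
A triage check for the files rkhunter flagged in the message above, as an added example (not part of the original post and not rkhunter's own code). It assumes the files are POSIX named semaphores, which glibc's sem_open() stores as /dev/shm/sem.<name>, and that sem_t is 16 or 32 bytes; the function names are hypothetical.

```python
import os
import re
import stat

# Constructed sample: the warning text as quoted in the post above.
SAMPLE = """Warning: Suspicious file types found in /dev:
/dev/shm/sem.ADBE_REL_jayell: data
/dev/shm/sem.ADBE_WritePrefs_jayell: data
/dev/shm/sem.ADBE_ReadPrefs_jayell: data
"""

# Assumption: sizeof(sem_t) on glibc is 16 bytes (32-bit) or 32 bytes (64-bit).
SEM_SIZES = {16, 32}

def parse_dev_warnings(text):
    """Return (path, file_type) pairs from an rkhunter /dev warning block."""
    return re.findall(r"^(/dev/\S+): (.+)$", text, flags=re.M)

def triage(path, expected_uid):
    """Return reasons the file does NOT look like a plain POSIX semaphore."""
    reasons = []
    if not os.path.basename(path).startswith("sem."):
        reasons.append("name lacks the sem. prefix used by sem_open()")
    st = os.lstat(path)  # lstat: do not follow a symlink planted in /dev/shm
    if not stat.S_ISREG(st.st_mode):
        reasons.append("not a regular file")
    if st.st_mode & 0o111:
        reasons.append("executable bit set")
    if st.st_size not in SEM_SIZES:
        reasons.append(f"size {st.st_size} is not a sem_t size")
    if st.st_uid != expected_uid:
        reasons.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    return reasons

if __name__ == "__main__":
    for path, ftype in parse_dev_warnings(SAMPLE):
        try:
            verdict = triage(path, os.getuid()) or ["consistent with a semaphore"]
        except FileNotFoundError:
            verdict = ["file no longer present"]
        print(path, ftype, "; ".join(verdict))
```

Files that return no reasons can be whitelisted with the ALLOWDEVFILE option in rkhunter.conf. rkhunter --propupd only refreshes the stored file-properties database and does not affect the /dev check.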