Dear Forum
- i have just updated to openSuSE 11.4 [64 bit] ;
rkhunter is giving these Warnings :
Warning: User ‘rtkit’ has been added to the passwd file.
Warning: User ‘pulse’ has been added to the passwd file.
Warning: User ‘statd’ has been added to the passwd file.
Warning: Changes found in the group file for group ‘audio’:
User ‘pulse’ has been added to the group
Warning: Group ‘rtkit’ has been added to the group file.
Warning: Group ‘pulse’ has been added to the group file.
Warning: Group ‘pulse-access’ has been added to the group file.
Warning: Suspicious file types found in /dev:
/dev/shm/initrd_exports.sh: ASCII text
Warning: Hidden directory found: /dev/.sysconfig
Warning: Hidden directory found: /dev/.mount
…
Do these look Normal, Are these False-Positives??
or
Is there a Problem ??
thanks
best regards
Anna
since rkhunter is merely comparing previous system values to current, from your post it appears that packages related to pulseaudio were installed during update and the appropriate changes made to your system (pulseaudio, rtkit, etc).
if you agree, and feel comfortable that these changes are legitimate (i believe they are) in a terminal:
#su root
password
#rkhunter --propupd
wait till it completes gathering the new values, then exit.
this should eliminate all the warnings except the hidden files related to the /dev folder. This is a bit harder to advise about, some programs will temporarily create files there so they only show up occassionally and disappear with the next reboot.
So, reboot your machine, run rkhunter from the command line as root and if some hidden files still show up as warnings you should post back here, if they are now part of your system you will have to make the appropriate entries in /etc/rkhunter.config.local to suppress the warnings.
hope this helps 
just one question:
why is the file in /dev and what does it do here anyway?