Is having a hidden directory under /etc safe?
On Debian 9, installing default-jre creates a hidden directory /etc/.java. This is flagged as a warning while I run rkhunter. Looking up online, I found an old bug report against Debian. The bug was closed stating the sysadmin could configure rkhunter to ignore the directory.
Speaking simplistically from the point of view of operating system security, is it a good idea to have a hidden directory under /etc? Does it make security sense for rkhunter to look for and flag hidden files and directories under /etc? What's the recommended best practice here?
Edit 2019-05-29T02:42+00:00: What I mean to ask in the last question is if a hidden directory under /etc is a good idea from the point of view of "security usability". As in, it might be disconcerting for a sysadmin to find a hidden file under /etc and therefore could be bad security practice, especially from the point of view of a package maintainer.
linux debian
edited May 29 at 2:44
eternaltyro
asked May 28 at 11:18
eternaltyro
38
Hidden directories don't have any security impact at all. The reason they are hidden is so that it doesn't fill the user directories with fluff they don't care about. Having a hidden directory in /etc is quite pointless, as I expect lots of config stuff to be there.
– MechMK1
May 28 at 11:41
52
Whenever I see a question asking whether something is safe, I'm left wondering: Safe against what?
– Marc.2377
May 29 at 0:06
3
@Marc.2377 That's a very smart question. This question could be interpreted a number of ways, now that I think about it...
– Redwolf Programs
May 29 at 1:50
1
Aliasing ls to ls -A can help here from a security usability perspective.
– forest
May 29 at 3:14
6
@Marc.2377 Or equivalently, What is your threat model? ("Threat model" just being a fancy term for the things you're trying to protect against.)
– jpmc26
May 29 at 16:56
2 Answers
Yes, that's safe. There's nothing inherently insecure about having a hidden directory under /etc. The only reason rkhunter flags it is that it's uncommon for legitimate programs to do it, and when malware does it, it makes it less likely that you'd otherwise notice it.
answered May 28 at 13:24
Joseph Sible
2
That makes sense. My question was more from the point of view of security usability. Wouldn't a hidden directory under /etc be discomforting for any sysadmin?
– eternaltyro
May 29 at 2:38
18
@eternaltyro It would affect comfort, yes, but not security.
– Mołot
May 29 at 7:33
7
@eternaltyro It would be discomforting once, then you look into it and discover it is legitimate. After that, it is no longer discomforting.
– Stig Hemmer
May 29 at 9:21
1
If you felt really 'bad' about it and the program expected to look there, you could move the 'hidden' dot directory to a non-dot directory, and create a symlink from the hidden directory to the actual directory - then you would 'see' it, if that removed any discomfort...
– Cinderhaze
May 29 at 14:34
2
@eternaltyro Discomfort and security have nothing to do with each other. An admin can be uncomfortable for any reason; an analysis of the risk is necessary to determine if something is secure. In this case, a known and accepted application created the directory so there is no appreciable risk. Malware and vulnerability scanners often flag things that pose no serious risk. It is the admin's job to review the results to determine whether each finding is a legitimate security concern. Whitelisting known-good applications is common and reasonable.
– DoubleD
May 30 at 21:57
It is safe in the sense that no, it will not make the system unstable, nor will it make it vulnerable from a security standpoint.
That said, as MechMK1 points out, the only reason to use hidden directories is so that it doesn't fill the user directories with fluff they don't care about. The /etc directory, on the other hand, is meant to contain such fluff, so I don't see why you'd want to hide it.
For this reason, it's not an expected action and rkhunter flags it as something suspicious that only malware would do. But you can totally do it too, if you so wish.
answered May 29 at 13:45
rahuldottech
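One way to carry out the review-then-whitelist step discussed in this thread, as an added example that is not part of the original posts: the script lists hidden entries under a directory, marks each as allowed or needing review against an admin-maintained allowlist file, and prints matching rkhunter.conf lines. The function names and the allowlist file format are assumptions of this example; ALLOWHIDDENDIR and ALLOWHIDDENFILE are rkhunter's own configuration options.

```sh
#!/bin/sh
# Added example, not code from the thread: triage hidden entries under a
# config tree against an allowlist the admin has already reviewed.

# list_hidden ROOT
# Print the top-most hidden entries under ROOT, sorted. -prune keeps find
# from descending into a hidden directory, so /etc/.java is reported once
# instead of once per file inside it.
list_hidden() {
    find "$1" -mindepth 1 -name '.*' -print -prune 2>/dev/null | LC_ALL=C sort
}

# owner_of PATH
# Print the Debian package that ships PATH, or "-" when no package claims it
# or dpkg-query is not installed.
owner_of() {
    if command -v dpkg-query >/dev/null 2>&1 &&
       owner_out=$(dpkg-query -S "$1" 2>/dev/null </dev/null); then
        printf '%s\n' "${owner_out%%:*}" | tr -d ' '
    else
        printf '%s\n' "-"
    fi
}

# triage_hidden ROOT ALLOWLIST_FILE
# ALLOWLIST_FILE holds one absolute path per line (format assumed here).
# Output per entry: "<allowed|review> <dir|file> <owner> <path>".
# A missing or unreadable allowlist leaves every entry as "review".
triage_hidden() {
    list_hidden "$1" | while IFS= read -r path; do
        if [ -d "$path" ]; then type=dir; else type=file; fi
        if grep -Fxq -- "$path" "$2" 2>/dev/null; then
            status=allowed
        else
            status=review
        fi
        printf '%s %s %s %s\n' "$status" "$type" "$(owner_of "$path")" "$path"
    done
}

# rkhunter_directives ROOT ALLOWLIST_FILE
# Emit one rkhunter.conf line per allowed entry, choosing the directory or
# file option by entry type. Entries still marked "review" are never emitted.
rkhunter_directives() {
    triage_hidden "$1" "$2" | while read -r status type _owner path; do
        [ "$status" = allowed ] || continue
        case $type in
            dir)  printf 'ALLOWHIDDENDIR=%s\n' "$path" ;;
            file) printf 'ALLOWHIDDENFILE=%s\n' "$path" ;;
        esac
    done
}

# Usage (file names are hypothetical): sh triage.sh /etc /root/hidden-allowlist.txt
if [ "$#" -eq 2 ]; then
    triage_hidden "$1" "$2"
    rkhunter_directives "$1" "$2"
fi
```

An entry that is marked review and has no owning package is the case worth a closer look before it goes on the allowlist.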