Last night when I was off-site furiously doing a major upgrade on a client’s server I checked my email. I quickly glanced at the RKHUNTER logs sent to me by a script I crafted up a long time ago. They were for my primary Linux system at home. My heart skipped a couple of beats when I saw this:
Warning: Suspicious file types found in /dev:
Uhhh, what? CLOUD?? Schedule? Deliver? This doesn’t look good.
With my mind in a few different places at once already with the tasks I was involved in, I started mildly freaking out. I couldn’t deal with this as Windows Server 2016 was being a little bitch, taking hours to “update” (READ: puke all over itself and pass out with no indication to me). And for some reason I couldn’t connect to my home VPN to investigate. Uuuuuugh.
For a split second I wondered if it was the FoxIt Reader I installed the other day, but thought to myself, nah – was it even open at the time? Does a PDF reader for Linux need these kinds of functions? I installed FoxIt to get away from Evince as I really, really hate the GTK3 app style, and IMHO Evince has some peculiarities that really got to me over the years…and I’ll be damned if I taint my system with anything created by Adobe (Flash is dead! Long live HTML5!)
Come to find out it actually *was* FoxIt. I came home and found an instance open and closed it – viola, /dev/shm was clean now.I’m going to have to look closer at FoxIt’s license and overall functionality (rather the ability to disable some of it) if it is in fact doing “cloud” things without me specifically telling me to…even if it’s simply loading the function. That’s not how Linux apps should work, IMHO.