OS X Rootkit Hunter warnings.


macrumors member
Original poster
Nov 26, 2011
New Zealand
I got the following warning when running rootkit hunter. A bit of Google searching led me to believe it was probably nothing but thought I would check on here.

Checking if SSH protocol v1 is allowed [ Warning ]
The SSH configuration option 'Protocol' has not been set.

Checking if syslog remote logging is allowed [ Warning ]
Syslog configuration file allows remote logging: install.* @

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Suspicious file types found in /dev:
/dev/fd/6: MS Windows icon resource
/dev/fd/7: MS Windows icon resource
Checking for hidden files and directories [ Warning ]
Hidden file found: /usr/share/man/man5/.rhosts.5: troff or preprocessor input text



macrumors G4
Jul 17, 2002
Oh, for Heaven's Sakes. Why do you run a utility that is designed to unearth threats that are not even the subject of rumors? The most serious problem found is that you have two MS Windows icon resources. These pose absolutely no threat to you and can do absolutely nothing either good or bad on your computer.

My advice to you is to ditch Rootkit Hunter. As far as I can tell, this little project appears to be more devoted to showing that it can run on Unix and Unix-like systems than it is to protecting these systems from real threats. Believe me--if ever there is a rootkit issue on the Mac, you will hear about it long before you are infected by it. Absent a real threat, running crap like Rootkit Hunter is like being frightened by ghost stories that you wrote.


macrumors 65816
Jan 9, 2007
FYI, this line:
install.* @ is your local host. It just points to your computer itself, not a remote host of any kind. That shouldn't be an issue.

Don't know about the other items, but they don't strike me as being a problem.
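
For the syslog warning discussed above, one way to see where each `@` forwarding action in a syslog.conf-style file points, as an added example that is not part of the thread. The sample configuration, addresses and function names are constructed for illustration, and a hostname is reported as remote because the script does no DNS resolution.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_SYSLOG_CONF = """\
*.notice;authpriv.none    /var/log/system.log
install.*                 @127.0.0.1:10514
auth.info                 @loghost.example.com
kern.*                    @[::1]:514
mail.crit                 @192.0.2.10
"""

# action = "@" + host, where host may be "[ipv6]", optionally followed by ":port"
ACTION_RE = re.compile(
    r"^@(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:\s]+))(?::(?P<port>\d+))?$"
)


def is_loopback(host):
    """True only when the target provably stays on this machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: treat as remote until resolved by hand


def forwarding_targets(conf_text):
    """Return (selector, host, 'loopback'|'remote') for each '@' action."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        match = ACTION_RE.match(fields[1].strip())
        if match is None:
            continue  # file, pipe, user or other non-forwarding action
        host = match.group("v6") or match.group("host")
        verdict = "loopback" if is_loopback(host) else "remote"
        found.append((fields[0], host, verdict))
    return found


if __name__ == "__main__":
    for selector, host, verdict in forwarding_targets(SAMPLE_SYSLOG_CONF):
        print(f"{selector:12} -> {host:22} {verdict}")
```
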


macrumors 68040
Dec 22, 2009
23 is you, /usr/share/man/man5/.rhosts.5 is harmless (Google it), and Windows icon resources won't exactly harm you either.

I'm the paranoid type too, which is why I stay away from this kind of stuff whenever I possibly can. Honestly, it just gets me worried for no reason :p