Checking your /dev/
The /dev directory is the one most often used by "crackers" to hide their
rootkits and backdoors. If you look in our rootkit database
you will see how many entries are under /dev. This happens because /dev
is very big and most administrators don't know what files are supposed
to be there.
More information about /dev can be found here
Some rules about /dev follow:
Inside /dev, all the files must be devices. If you find
any file that is not a device (or a directory), look carefully at it.
The only allowed files inside /dev/ are MAKEDEV and
README.MAKEDEV (or MAKEDEV.README).
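
A shell check for the two rules above, added here as an example and not part of the original RootCheck page: it lists regular files under a /dev tree that are not on the allowlist. The function name check_dev is hypothetical, and the use of -xdev assumes that separately mounted areas such as /dev/shm are reviewed on their own.

```shell
#!/bin/sh
# Added example (not from the original page): flag regular files in /dev.
# check_dev is a hypothetical helper name.

# check_dev [DIR]
#   Prints every regular file under DIR (default /dev) that is not one of
#   the files the page allows at the top level: MAKEDEV, README.MAKEDEV,
#   MAKEDEV.README. Returns 1 if anything was flagged, 0 otherwise.
check_dev() {
    dir=${1:-/dev}
    dir=${dir%/}                      # normalise "/dev/" to "/dev"

    # -xdev   : stay on DIR's own filesystem. Assumption: separately mounted
    #           areas such as /dev/shm hold regular files by design and are
    #           reviewed separately.
    # -type f : regular files only. Device nodes and directories pass the
    #           page's rule; symlinks, sockets and FIFOs are not reported
    #           here (a narrower reading of the rule, chosen to cut noise).
    # ! -path : the allowlist is tied to the top level, so a file named
    #           MAKEDEV in a subdirectory is still reported.
    flagged=$(find "$dir" -xdev -type f \
        ! -path "$dir/MAKEDEV" \
        ! -path "$dir/README.MAKEDEV" \
        ! -path "$dir/MAKEDEV.README" 2>/dev/null | LC_ALL=C sort)

    if [ -z "$flagged" ]; then
        return 0
    fi
    printf '%s\n' "$flagged"
    return 1
}

# Usage: sh check_dev.sh /dev   (with no argument only the function is defined)
if [ "$#" -gt 0 ]; then
    check_dev "$1"
fi
```

Each path it prints is a candidate for the "look carefully at it" step; an empty result with exit status 0 means no unexpected regular file was found on that filesystem.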
$RootCheck: dev.php ,v 1.0 2003/10/20, Daniel B. Cid$