Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Chkrootkit output[solved]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
orange_juice
Guru
Guru


Joined: 16 Feb 2006
Posts: 588
Location: Athens - Greece
PostPosted: Fri Aug 18, 2006 12:24 am    Post subject: Chkrootkit output[solved] Reply with quote
Hallo,

I have recently rebuilt my desktop and have implemented a cron job to chkrootkit my box daily. I keep getting this result:

Code:
Searching for suspicious files and dirs, it may take a while...
/usr/lib/locale/.keep /usr/lib/perl5/5.8.8/i686-linux/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Bit/Vector/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Carp/Clan/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Date/Calc/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Locale/gettext/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Pod/Parser/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Test/Harness/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Tie/IxHash/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Unix/Syslog/.packlist
+/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/XML/Parser/.packlist /usr/lib/.keep /lib/dev-state/.keep
+/lib/rcscripts/awk/.keep /lib/udev-state/.keep


Is it a false positive? Because I keep getting it also in my other boxes...

Kind regards,
orange_juice

Last edited by orange_juice on Fri Aug 18, 2006 8:29 pm; edited 1 time in total
Back to top
View user's profile Send private message
kenthepostman
Apprentice
Apprentice


Joined: 02 Jul 2004
Posts: 245
Location: Stanford, CA
PostPosted: Fri Aug 18, 2006 5:37 pm    Post subject: Reply with quote
I'm pretty sure that those are false positives because I had the same issue a while ago. Chrootkit checks for hidden files which might be malicious. .packlist and .keep are commonly used and sometimes create false positives. You can check to see if those files are anything to worry about but I doubt it.
Back to top
View user's profile Send private message
orange_juice
Guru
Guru


Joined: 16 Feb 2006
Posts: 588
Location: Athens - Greece
PostPosted: Fri Aug 18, 2006 8:29 pm    Post subject: Reply with quote
Checking them, indeed, I did not find anything suspicious. Only path to files like man pages and perl staff.

Thank you!

Kind regards,
orange_juice
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy