chkrootkit - suspicious files question

Jim Cornette fc-cornette at insight.rr.com
Mon Apr 4 03:03:50 UTC 2005


Gene Heskett wrote:
> On Sunday 03 April 2005 08:42, Jim Cornette wrote:
> 
>>Since there were discussions regarding rootkits and how they are
>>getting into systems, I ran chkrootkit and am more concerned about
>>the suspicious files that it referred to.
>>
>>Searching for suspicious files and dirs, it may take a while...
>>/usr/lib/perl5/5.8.6/i386-linux-thread-multi/.packlist
>>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/NKF/.packlist
>>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/mod_perl/.packlist
>>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/Gaim/.packlist
>>/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DCOP/.packlist
>>
>>Hopefully this does not indicate anything to be alarmed about. Is
>>this a rational assumption?
>>
>>Jim
> 
> 
> I don't think these are, Jim.  But do pay attention to the names a 
> level or so back up the tree, I suppose there could be a surprise 
> there.

Not to sound dense, but the Linux threads, are they not used for 2.6 
kernels and for the NPTL backported kernels? I'm probably looking at the 
wrong portion of the path to the file.

Looking through the packlist, I could see why it is marked suspicious. :-)

Jim


-- 
If it's not in the computer, it doesn't exist.



