chkrootkit - suspicious files question
Kam Leo
kam.leo at gmail.com
Sun Apr 3 21:47:41 UTC 2005
On Apr 3, 2005 9:37 AM, Gene Heskett <gene.heskett at verizon.net> wrote:
> On Sunday 03 April 2005 08:42, Jim Cornette wrote:
> >Since there was discussions regarding rootkits and how they are
> > getting into systems, I ran chkrootkit and am more concerned about
> > the suspicious files that it referred to.
> >
> >Searching for suspicious files and dirs, it may take a while...
> >/usr/lib/perl5/5.8.6/i386-linux-thread-multi/.packlist
> >/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/NKF/.p
> >acklist
> > /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/mod_p
> >erl/.packlist
> >
> >/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/Gaim/.
> >packlist
> >
> >/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DCOP/.pa
> >cklist
> >
> >
> >Hopefully this does not indicate anything to be alarmed about. Is
> > this a rational assumption?
> >
> >Jim
>
> I don't think these are Jim. But do pay attention to the names a
> level or so back up the tree, I suppose there could be a surprise
> there.
> >
> >--
> >QUESTION AUTHORITY.
> >
> >(Sez who?)
> :)
> --
> Cheers, Gene
Perl-5.8.6 is from the development repo and is part of FC4-test1. Are
you running FC4-test1 or did you mess up your system by enabling the
development repo?
More information about the fedora-list
mailing list