[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: chkrootkit - suspicious files question



Mike Klinke wrote:
On Sunday 03 April 2005 07:42, Jim Cornette wrote:


Hopefully this does not indicate anything to be alarmed about. Is
this a rational assumption?


These look to be a part of perl.

# locate .packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DCOP/.packlist
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/NKF/.packlist

# rpm -ql perl | grep pack
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist



They have the same version of the php that is installed on this laptop. A google search showed the same files being flagged by chkrootkit. I guess these are not signs of a rootkit. I was suspicious since conversations from two users on this list being rooted.
I feel safer now about the files being flagged. Five files is better than a long listing.


Thanks and sorry for the alarm!

Jim





--
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
	Civilization?
Gandhi:	I think it would be a good idea.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]