
Re: chkrootkit - suspicious files question



Gene Heskett wrote:
On Sunday 03 April 2005 08:42, Jim Cornette wrote:

Since there were discussions regarding rootkits and how they are
getting into systems, I ran chkrootkit and am more concerned about
the suspicious files that it referred to.

Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.6/i386-linux-thread-multi/.packlist
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/NKF/.packlist
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/mod_perl/.packlist
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/Gaim/.packlist
/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DCOP/.packlist


Hopefully this does not indicate anything to be alarmed about. Is this a rational assumption?

Jim


I don't think these are, Jim. But do pay attention to the names a level or so back up the tree; I suppose there could be a surprise there.

Not to sound dense, but the linux threads, are they not used for 2.6 kernels and for the nptl backported kernels? I'm probably looking at the wrong portion of the path to the file.


Looking through the packlist, I could see why it is marked suspicious. :-)

Jim


-- If it's not in the computer, it doesn't exist.

