Chkrootkit found "suspicious" file
John Summerfield
debian at herakles.homelinux.org
Mon Feb 27 22:38:12 UTC 2006
Mike McCarty wrote:
>>> /usr/lib/qt-3.3/etc/settings/.qtrc.lock
>
> [snip]
>
>>> Total of 200 files it didn't like. I don't see anything there that
>>> looks particularly suspicious. What's going on? Anyone know?
>>
>> My guess is that they are suspicious because they are dotfiles in
>> directories that aren't home directories. If chkrootkit didn't claim
>> that it detected some particular rootkit, it's just telling you that you
>> might want to look at those to decide whether or not they belong there.
>
> I ran it again just now, and it didn't complain about them this
> time, except for two of them. I wonder if access date is being
> checked?
I wouldn't think so, but it's easily checked: copy one it complains
about, one it doesn't and try again.