Chkrootkit messages ?

Bob Goodwin bobgoodwin at wildblue.net
Mon May 1 19:23:43 UTC 2006


Gilboa Davara wrote:
> On Mon, 2006-05-01 at 08:16 -0700, Michael A. Peters wrote:
>   
>> On Mon, 2006-05-01 at 10:16 -0400, Bob Goodwin wrote:
>>
>>     
>>> Of course I'm not certain of the validity of either check when 
>>> chkrootkit and rkhunter are installed "after the fact?"
>>>       
>> I also have a /dev/.udev directory.
>> And I have /usr/share/man/man1/..1.gz - owned by bash.
>>
>> I don't have /etc/.java - but I did not install the java stuff on this
>> box.
>>
>>     
>
> I'd suggest you use this patch.
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190248
>
> Gilboa
>   
Ok, I made the changes as specified there.

It looks like it also wants  "#ALLOWHIDDENDIR=/etc/.java"  uncommented 
also?  If
that's a legitimate fix?

******************** result *******************************

  Result rc.d files check                                    [ OK ]
   Checking history files
     Bourne Shell                                             [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ Warning! ]
---------------
 /dev/.udev  /usr/share/man/man1/..1.gz  /etc/.pwd.lock /etc/.java
---------------
Please inspect:  /dev/.udev (directory)  /etc/.java (directory)

************************************************************

BobG




More information about the fedora-list mailing list