Chkrootkit messages ?
Gilboa Davara
gilboad at gmail.com
Wed May 3 10:23:56 UTC 2006
On Mon, 2006-05-01 at 15:23 -0400, Bob Goodwin wrote:
> Gilboa Davara wrote:
> > On Mon, 2006-05-01 at 08:16 -0700, Michael A. Peters wrote:
> >
> >> On Mon, 2006-05-01 at 10:16 -0400, Bob Goodwin wrote:
> >>
> >>
> >>> Of course I'm not certain of the validity of either check when
> >>> chkrootkit and rkhunter are installed "after the fact?"
> >>>
> >> I also have a /dev/.udev directory.
> >> And I have /usr/share/man/man1/..1.gz - owned by bash.
> >>
> >> I don't have /etc/.java - but I did not install the java stuff on this
> >> box.
> >>
> >>
> >
> > I'd suggest you use this patch.
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190248
> >
> > Gilboa
> >
> Ok, I made the changes as specified there.
>
> It looks like it also wants "#ALLOWHIDDENDIR=/etc/.java" uncommented
> also? If that's a legitimate fix?
>
> ******************** result *******************************
>
> Result rc.d files check [ OK ]
> Checking history files
> Bourne Shell [ OK ]
>
> * Filesystem checks
> Checking /dev for suspicious files... [ OK ]
> Scanning for hidden files... [ Warning! ]
> ---------------
> /dev/.udev /usr/share/man/man1/..1.gz /etc/.pwd.lock /etc/.java
> ---------------
> Please inspect: /dev/.udev (directory) /etc/.java (directory)
>
> ************************************************************
>
> BobG
>
You'll need to add /dev/.udev, /etc/.java to ALLOWHIDDENDIR
and /usr/share/man/man1/..1.gz, /etc/.pwd.lock to ALLOWHIDDENFILE.
Gilboa
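
The whitelisting step from the reply above, as an added example (not part of the thread, the Bugzilla patch, or rkhunter itself): it parses the hidden-files warning block, splits the flagged paths into directories and files, and emits config lines only for paths already inspected, leaving anything else flagged. The `REVIEWED` set, the function names, and the one-entry-per-line form (taken from the `#ALLOWHIDDENDIR=/etc/.java` line quoted in the thread) are assumptions.

```python
import re

# Constructed sample: the hidden-files warning quoted in this thread.
SAMPLE = """\
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev /usr/share/man/man1/..1.gz /etc/.pwd.lock /etc/.java
---------------
Please inspect: /dev/.udev (directory) /etc/.java (directory)
"""

# Assumption: paths an admin has already inspected and accepted on this host.
REVIEWED = {"/dev/.udev", "/etc/.java",
            "/usr/share/man/man1/..1.gz", "/etc/.pwd.lock"}

def parse_hidden(report):
    """Return (dirs, files) listed by the hidden-files check, in report order."""
    # Drop mail quote markers ("> > ") so a pasted reply parses as well.
    lines = [re.sub(r"^(?:>\s?)+", "", l).strip() for l in report.splitlines()]
    flagged, dirs, in_block = [], set(), False
    for line in lines:
        if re.fullmatch(r"-{5,}", line):
            in_block = not in_block          # dashed rules delimit the path list
        elif in_block:
            flagged += line.split()
        elif line.startswith("Please inspect:"):
            dirs.update(re.findall(r"(\S+) \(directory\)", line))
    return ([p for p in flagged if p in dirs],
            [p for p in flagged if p not in dirs])

def propose(report, reviewed):
    """Build config lines for reviewed paths; return the rest for inspection."""
    dirs, files = parse_hidden(report)
    conf = [f"ALLOWHIDDENDIR={p}" for p in dirs if p in reviewed]
    conf += [f"ALLOWHIDDENFILE={p}" for p in files if p in reviewed]
    unreviewed = [p for p in dirs + files if p not in reviewed]
    return conf, unreviewed

if __name__ == "__main__":
    conf, todo = propose(SAMPLE, REVIEWED)
    print("\n".join(conf))
    for path in todo:
        print(f"# not whitelisted, inspect first: {path}")
```
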