[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Chkrootkit messages ?



Gilboa Davara wrote:
On Mon, 2006-05-01 at 08:16 -0700, Michael A. Peters wrote:
On Mon, 2006-05-01 at 10:16 -0400, Bob Goodwin wrote:

Of course I'm not certain of the validity of either check when chkrootkit and rkhunter are installed "after the fact?"
I also have a /dev/.udev directory.
And I have /usr/share/man/man1/..1.gz - owned by bash.

I don't have /etc/.java - but I did not install the java stuff on this
box.


I'd suggest you use this patch.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190248

Gilboa
Ok, I made the changes as specified there.

It looks like it also wants "#ALLOWHIDDENDIR=/etc/.java" uncommented also? If
that's a legitimate fix?

******************** result *******************************

 Result rc.d files check                                    [ OK ]
  Checking history files
    Bourne Shell                                             [ OK ]

* Filesystem checks
  Checking /dev for suspicious files...                      [ OK ]
  Scanning for hidden files...                               [ Warning! ]
---------------
/dev/.udev  /usr/share/man/man1/..1.gz  /etc/.pwd.lock /etc/.java
---------------
Please inspect:  /dev/.udev (directory)  /etc/.java (directory)

************************************************************

BobG


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]