System infected?

Gene Heskett gene.heskett at verizon.net
Mon Dec 7 18:38:04 UTC 2009


On Monday 07 December 2009, Michael Schwendt wrote:
>On Mon, 7 Dec 2009 14:38:20 +0100, Frank wrote:
>> On Mon, 07 Dec 2009 14:32:50 +0100 Luc MAIGNAN wrote:
>> > Hi,
>> >
>> > I launched a 'chkrootkit' on my mail server and it gave me the
>> > following error :
>> >
>> > Checking `bindshell'... INFECTED (PORTS:  465)
>> >
>> >
>> > I think that isn't a problem because I use this port with postfix as
>> > SMTPS.
>>
>> Take it as "false positive". I've the same with exim.
>
>What do you expect from a simple test whether a port is used? ;)
>Don't overestimate chkrootkit.

Hijacking a thread here for sure, but how can I make rkhunter accept that
there is a /usr/sbin/unhide file on this F10 system?  There seem to be ways
to disable certain tests, but not a method to allow something, so I am being
bombarded with a daily email from rkhunter about it.  I tried adding it to
rkhunter.dat but it's removed by the following --propupd run.  A manually
fired run is fine, but the cron job seems unfine.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Never get into fights with ugly people because they have nothing to lose.
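
Added example, not part of the original thread: the `bindshell` result quoted above reports only that port 465 is in use, so the triage step is to check which process owns the listener. The function below does that over `ss -ltnp` output; the function name, the allowlist of daemon names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify the owner of a listening TCP port from `ss -ltnp` output on stdin.
# Live use (as root, so the process column is filled in):
#   ss -ltnp | classify_listener 465 "master smtpd exim"
# Output, one line per listening socket on that port:
#   expected:<name>    owner is in the allowlist (likely false positive)
#   unexpected:<name>  owner is not in the allowlist (investigate further)
#   unknown-owner      no process column (ss was run without privileges)
# Prints "not-listening" when nothing listens on the port.
# Only the first process name attached to a socket is reported.
classify_listener() {
    port=$1
    allowed=$2   # hypothetical allowlist: space-separated process names
    awk -v port="$port" -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            # Field 4 is the local address; the port follows the last colon,
            # which covers both 0.0.0.0:465 and [::]:465.
            p = $4; sub(/^.*:/, "", p)
            if (p != port) next
            found = 1
            # Process column looks like users:(("master",pid=1234,fd=17))
            if (match($0, /users:\(\("[^"]+"/)) {
                name = substr($0, RSTART + 9, RLENGTH - 10)
                print ((name in ok) ? "expected:" : "unexpected:") name
            } else {
                print "unknown-owner"
            }
        }
        END { if (!found) print "not-listening" }
    '
}

# Constructed sample input (not taken from the systems in this thread).
SAMPLE_MAIL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100    0.0.0.0:465        0.0.0.0:*         users:(("master",pid=1234,fd=17))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))'
SAMPLE_ODD='LISTEN 0      5      0.0.0.0:465        0.0.0.0:*         users:(("xyzd",pid=4242,fd=3))'
```

An `expected:` result only says the process name matches; the binary behind that name still has to be verified separately, for example against the package database.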



