System infected ?
Gene Heskett
gene.heskett at verizon.net
Mon Dec 7 18:38:04 UTC 2009
On Monday 07 December 2009, Michael Schwendt wrote:
>On Mon, 7 Dec 2009 14:38:20 +0100, Frank wrote:
>> On Mon, 07 Dec 2009 14:32:50 +0100 Luc MAIGNAN wrote:
>> > Hi,
>> >
>> > I launched a 'chkrootkit' on my mail server and it gave me the
>> > following error :
>> >
>> > Checking `bindshell'... INFECTED (PORTS: 465)
>> >
>> >
>> > I think that isn't a problem because I use this port with postfix as
>> > SMTPS.
>>
>> Take it as "false positive". I've the same with exim.
>
>What do you expect from a simple test whether a port is used? ;)
>Don't overestimate chkrootkit.
Hijacking a thread here for sure, but how can I make rkhunter accept that
there is an /usr/sbin/unhide file on this F10 system? There seem to be ways
to disable certain tests, but not a method to allow something, so I am being
bombarded with a daily email from rkhunter about it. I tried adding it to
rkhunter.dat but it's removed by the following --propupd run. A manually
fired run is fine, but the cron job seems unfine.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>
Never get into fights with ugly people because they have nothing to lose.
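
An added example, not part of the original thread or of chkrootkit itself: since the `bindshell` check discussed above only reports that a port is in use, this sketch takes the reported line and checks which process actually owns each flagged listener against an allowlist. The `ss -ltnp` output, the allowlist and the function names are constructed for illustration; on a live host the sample would be replaced by real `ss -ltnp` output captured as root.

```shell
#!/bin/sh
# Constructed sample: the chkrootkit line from the thread plus made-up `ss -ltnp` output.
CHKROOTKIT_LINE="Checking \`bindshell'... INFECTED (PORTS: 465)"
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*         users:(("master",pid=1201,fd=13))
LISTEN 0      100    0.0.0.0:465        0.0.0.0:*         users:(("master",pid=1201,fd=17))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=880,fd=3))'

# Assumed allowlist of port=process pairs the admin expects on this mail server
# (Postfix's listening daemon is "master").
EXPECTED="465=master 25=master 22=sshd"

# Extract the port numbers chkrootkit reported, one per line.
flagged_ports() {
    printf '%s\n' "$1" | sed -n 's/.*INFECTED (PORTS:\(.*\)).*/\1/p' \
        | tr -s ' ' '\n' | grep -E '^[0-9]+$'
}

# Print the name of the process listening on port $1 in ss output $2 (empty if none).
listener_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            if (match($0, /users:\(\("[^"]+"/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^users:\(\("/, "", s); sub(/"$/, "", s)
                print s
            } else print "?"
            exit
        }'
}

# Classify each flagged port: owned by the expected daemon, or needing review.
triage() {
    for port in $(flagged_ports "$1"); do
        proc=$(listener_for "$port" "$2")
        case " $3 " in
            *" $port=$proc "*) echo "$port expected $proc" ;;
            *) echo "$port REVIEW ${proc:-no-listener}" ;;
        esac
    done
}

triage "$CHKROOTKIT_LINE" "$SS_SAMPLE" "$EXPECTED"
```

A port that is flagged but owned by a process outside the allowlist, or by no visible process at all, is the case that deserves a closer look.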