Re: t0rn v8 (Solved)



Thus spake Stephen Gran:
> Thus spake Neil Booth:
> > Stephen Gran wrote:-
> > 
> > > Hello all,
> > > While running chkrootkit, I got this message (among a bunch of others
> > > saying nothing found):
> > > 
> > > Searching for t0rn's default files and dirs... nothing found
> > > Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation)
> > > rootkit installed
> > > 
> > > and 
> > > 
> > > Searching for suspicious files and dirs, it may take a while... 
> > > /usr/lib/xemacs-21.4.1/lisp/.cvsignore
> > 
> > Have you looked inside this file?  It's on my system too.  It's a
> > harmless text file.
> Yes, it contains only:
> ChangeLog.font-menu
> finder-inf.el
> which doesn't look bad on the face of it.  I am more worried about why
> chkrootkit thought I had a rootkit installed.
Well, I finally got around to looking through the source for
chkrootkit, and it seems that it looks for libproc.a when it looks for
t0rn v8 on your system - strangely this file comes from libproc-dev.
Removing this package resulted in chkrootkit being quite happy,
although I'm not sure why this file is considered a problem.  No - I
take that back.  RTFM, Steve - apparently the documentation for
chkrootkit explicitly says this package, and also slice and
portsentry, can set off false positives.  Sorry for wasting
everybody's bandwidth.
Steve
-- 
A rock store eventually closed down; they were taking too much for granite.
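
A follow-up check for the situation in this thread, as an added example that is not part of the original message or of chkrootkit: ask the dpkg database which package owns a flagged file and whether its recorded MD5 still matches. The function names, the throwaway sample root and the `/usr/lib/libproc.a` path are assumptions made for the demo.

```shell
#!/bin/sh
# triage_hit FILE [ROOT]: classify a file that chkrootkit flagged, using the
# dpkg database under ROOT/var/lib/dpkg/info (ROOT defaults to the live system).
# Prints unowned | owned:<pkg>:match | owned:<pkg>:MISMATCH | owned:<pkg>:nosum
# Caveat: an intruder with root can edit this database too, so "match" on a
# live system is a hint; confirm against a package from a trusted mirror.
triage_hit() {
    file=$1
    root=${2:-}
    info="$root/var/lib/dpkg/info"
    # <pkg>.list holds one absolute path per line
    list=$(grep -lxF -- "$file" "$info"/*.list 2>/dev/null | head -n 1)
    if [ -z "$list" ]; then echo unowned; return 1; fi
    pkg=$(basename "$list" .list)
    # <pkg>.md5sums lines are "<md5>  <path without leading slash>"
    want=$(awk -v p="${file#/}" \
        '{ h = $1; sub(/^[^ ]+ +/, ""); if ($0 == p) { print h; exit } }' \
        "${list%.list}.md5sums" 2>/dev/null)
    if [ -z "$want" ]; then echo "owned:$pkg:nosum"; return 0; fi
    have=$(md5sum "$root$file" 2>/dev/null | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo "owned:$pkg:match"; return 0; fi
    echo "owned:$pkg:MISMATCH"; return 2
}

# Constructed sample: a throwaway root where a package named libproc-dev
# owns /usr/lib/libproc.a (path and contents are made up for the demo).
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/usr/lib" "$r/var/lib/dpkg/info"
    printf 'constructed archive bytes\n' > "$r/usr/lib/libproc.a"
    printf '/usr/lib/libproc.a\n' > "$r/var/lib/dpkg/info/libproc-dev.list"
    sum=$(md5sum "$r/usr/lib/libproc.a" | cut -d' ' -f1)
    printf '%s  usr/lib/libproc.a\n' "$sum" \
        > "$r/var/lib/dpkg/info/libproc-dev.md5sums"
    echo "$r"
}

# Run against the live system when given a path, e.g. the file chkrootkit named.
if [ "$#" -gt 0 ]; then triage_hit "$@"; fi
```

An `unowned` or `MISMATCH` result is the case that deserves a closer look; `match` only says the file agrees with what the local package database recorded.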
