[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rootkit in a package

On Monday, Apr 28, 2003, at 10:57 America/New_York, csj wrote:

alpha:~# chkrootkit | grep Sharpe
Searching for RH-Sharpe's default files... Possible RH-Sharpe's rootkit installed 
alpha:~# apt-get remove --purge slice
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
  slice*
0 packages upgraded, 0 newly installed, 1 to remove and 3 not upgraded. 
Need to get 0B of archives. After unpacking 98.3kB will be freed.
Do you want to continue? [Y/n] y
Reading changelogs... Done
(Reading database ... 92734 files and directories currently installed.)
Removing slice ...
alpha:~# chkrootkit | grep Sharpe
Searching for RH-Sharpe's default files... nothing found
This is documented in /usr/share/doc/chkrootkit/README.Debian, specifically the following packages can cause false alarms: 
  libproc-dev
  slice
  portsentry
  noflushd

--Terry
Reply to: