
Re: suspicious files in /tmp



Bill Marcum wrote:

On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:



What exactly did chkrootkit say about those files?  Were they writable
by non-root users, did they have setuid permission, or what?


They had the following access rights:

They had the usual access rights 751. chkrootkit just said INFECTED but nothing more about them.

Whatever, I guess during the initial setup of LFS I made a mistake and compiled these files statically... This probably explains the size. I do not think that they belong to a rootkit, as I have the same files on my initial install backup.

Anyways, if someone is interested in them, I could send them, but I think 1.3 MB of files is too much for this mailing list...

Regards

Marcel

PS: I installed AIDE on this box, which is run on a daily basis now. (Before this I only had logwatch and some manual tiger runs from time to time.)





