[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chkrootkit - possible bad news`



On Tue, Feb 24, 2004 at 10:37:44AM -0500, Noah Meyerhans wrote:
> On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
> > 
> > Looks like there are a lot of false positives on it.
> > 
> 
> It looks like there are a lot of false positives with chkrootkit in
> general.  Seriously, has anybody here ever had chkrootkit detect an
> actual rootkit? [...snip...]
> 

Well, I've had it confirm suspicions that a rootkit was installed, but
no correct automated detection. I'm considering killing teh crontab
entry, because it's getting too annoying having to verify that the
entries it produces are false.

Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li 8DEC67C5

Attachment: pgp3P3d1AgXnA.pgp
Description: PGP signature


Reply to: