
Re: Chkrootkit reports infection



On Wed, 29 Jun 2005, Nikita V. Youshchenko wrote:

> > I've recently updated to sarge.
> > 
> > When chkrootkit runs daily, I get a (presumed) false positive:
> > 
> > # chkrootkit -q
> > 
> > /usr/lib/mindi/rootfs/proc/.keep /usr/lib/mindi/rootfs/root/.profile
> > 
> > I assume that this is due to the presence of "dotfiles" installed by
> > mindi. I've tried suppressing this output using a "grep" statement, but
> > chkrootkit returns a non-zero value, and I also get this message daily.
> > 
> > Is there a way of turning this off without writing a separate shell
> > script?
> 
> You may stop daily mails by running dpkg-reconfigure chkrootkit and
> disabling daily runs.

Newer versions of chkrootkit (0.45, for example) allow you to run in a
"diff mode" that suppresses day-to-day duplicate hits.  You can turn this
option on with 'dpkg-reconfigure chkrootkit'.

-- Brad


