Re: Chkrootkit reports infection
On Wed, 29 Jun 2005, Nikita V. Youshchenko wrote:
> > I've recently updated to sarge.
> >
> > When chkrootkit runs daily, I get a (presumed) false positive:
> >
> > # chkrootkit -q
> >
> > /usr/lib/mindi/rootfs/proc/.keep /usr/lib/mindi/rootfs/root/.profile
> >
> > I assume that this is due to the presence of "dotfiles" installed by
> > mindi. I've tried suppressing this output using a "grep" statement, but
> > chkrootkit returns a non-zero value, and I also get this message daily.
> >
> > Is there a way of turning this off without writing a separate shell
> > script?
>
> You may stop daily mails by running dpkg-reconfigure chkrootkit and
> disabling daily runs.

Newer versions of chkrootkit (0.45, for example) allow you to run in a
"diff mode" that suppresses day-to-day duplicate hits. You can turn this
option on with 'dpkg-reconfigure chkrootkit'.
-- Brad
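
The idea behind the "diff mode" mentioned above, sketched as an added example (not code from this thread, from chkrootkit, or from the Debian package): compare each run against a reviewed baseline and report only when the output changes, so the known mindi dotfiles stay quiet but a new hit still produces mail. The function names, the baseline file and the `sample_scan` stand-in are assumptions made for the example.

```shell
#!/bin/sh
# Added example: baseline ("diff mode") filtering for a daily scanner run.
# Function names and the baseline file are assumptions, not chkrootkit's own.

# Constructed stand-in for `chkrootkit -q`, printing the two paths quoted
# in the thread. In real use, pass the real command instead.
sample_scan() {
    echo "/usr/lib/mindi/rootfs/proc/.keep"
    echo "/usr/lib/mindi/rootfs/root/.profile"
}

# accept_baseline BASELINE CMD...: record reviewed output as expected.
accept_baseline() {
    baseline=$1; shift
    "$@" 2>&1 | LC_ALL=C sort >"$baseline"
}

# report_new_hits BASELINE CMD...
# Silent and status 0 when today's output equals the baseline; otherwise
# prints what changed and returns 1. The decision is made on the output,
# so the scanner's own exit status cannot trigger a mail by itself.
report_new_hits() {
    baseline=$1; shift
    today=$(mktemp) || return 2
    "$@" 2>&1 | LC_ALL=C sort >"$today"
    if [ ! -f "$baseline" ]; then
        echo "No baseline at $baseline; review this output, then accept it:"
        cat "$today"
        rm -f "$today"
        return 1
    fi
    if diff -u "$baseline" "$today"; then
        status=0        # identical: diff printed nothing
    else
        status=1        # new or vanished hits: diff output is the report
    fi
    rm -f "$today"
    return "$status"
}
```

Unlike a `grep -v` filter, a line that appears for the first time is never hidden, and a baseline entry that disappears is reported as well.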