Hello.

> #chkrootkit -q
>
> Warning: Possible Showtee Rootkit installed
>
>
> True or False or some package(false positive)!?

I guess it’s the latter. You can see which files are being checked for this test in the chkrootkit script:

> if [ -d ${ROOTDIR}usr/lib/.egcs ] || [ -f ${ROOTDIR}usr/lib/libfl.so ] || \
> [ -d ${ROOTDIR}usr/lib/.kinetic ] || [ -d ${ROOTDIR}usr/lib/.wormie ] || \
> [ -f ${ROOTDIR}usr/lib/liblog.o ] || [ -f ${ROOTDIR}usr/include/addr.h ] || \
> [ -f ${ROOTDIR}usr/include/cron.h ] || [ -f ${ROOTDIR}usr/include/file.h ] || \
> [ -f ${ROOTDIR}usr/include/proc.h ] || [ -f ${ROOTDIR}usr/include/syslogs.h ] || \
> [ -f ${ROOTDIR}usr/include/chk.h ]; then
> echo "Warning: Possible Showtee Rootkit installed"

The /usr/lib/libfl.so comes from the flex package on my system, so if it exists it doesn’t necessarily mean that there’s something wrong. (None of the other files exist here.)

Regards,
Mathias

-- 
debian/rules
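Added example, not part of the original message and not chkrootkit's own code: a triage script that walks the same paths as the Showtee test quoted above and reports, for each one that exists, which Debian package owns it. The function names (`owner_of`, `report_hit`, `showtee_triage`) are hypothetical; the package lookup assumes `dpkg-query -S` against the running system's dpkg database.

```shell
#!/bin/sh
# Paths copied from the Showtee test quoted in the message above.
SHOWTEE_DIRS="usr/lib/.egcs usr/lib/.kinetic usr/lib/.wormie"
SHOWTEE_FILES="usr/lib/libfl.so usr/lib/liblog.o usr/include/addr.h
usr/include/cron.h usr/include/file.h usr/include/proc.h
usr/include/syslogs.h usr/include/chk.h"

# owner_of ABSOLUTE_PATH: print the owning package, or nothing when no
# package claims the path (or dpkg-query is not installed).
# Assumption: the running system's dpkg database is the one consulted.
owner_of() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    dpkg-query -S "$1" 2>/dev/null | sed -n '1s/: .*//p'
}

# report_hit REL: print "<path> owned-by:<pkg>" or "<path> UNOWNED".
# Returns 1 for an unowned hit, 0 otherwise.
report_hit() {
    pkg=$(owner_of "/$1")
    if [ -n "$pkg" ]; then
        printf '%s owned-by:%s\n' "/$1" "$pkg"
    else
        printf '%s UNOWNED\n' "/$1"
        return 1
    fi
}

# showtee_triage ROOT: ROOT plays the role of chkrootkit's ${ROOTDIR}
# (trailing slash required, "/" for the live system).
# Returns 0 when every existing path is package-owned, 1 otherwise.
showtee_triage() {
    root=$1
    triage_rc=0
    for rel in $SHOWTEE_DIRS; do
        [ -d "${root}${rel}" ] || continue
        report_hit "$rel" || triage_rc=1
    done
    for rel in $SHOWTEE_FILES; do
        [ -f "${root}${rel}" ] || continue
        report_hit "$rel" || triage_rc=1
    done
    return $triage_rc
}

# Run against the live system only when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    showtee_triage "${ROOTDIR:-/}"
fi
```

Package ownership only explains why a path exists; `dpkg --verify` on the reported package additionally compares the installed files with the checksums recorded at install time.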