On Wed, Sep 13, 2006 at 07:12:48PM +0200, Mathias Brodala wrote: > Hello. > > > #chkrootkit -q > > > > Warning: Possible Showtee Rootkit installed > > > > > > True or False or some package(false positive)!? > > I guess it?s the latter. You can see which files are being checked for this test > in the chkrootkit script: > > > if [ -d ${ROOTDIR}usr/lib/.egcs ] || [ -f ${ROOTDIR}usr/lib/libfl.so ] || \ > > [ -d ${ROOTDIR}usr/lib/.kinetic ] || [ -d ${ROOTDIR}usr/lib/.wormie ] || \ > > [ -f ${ROOTDIR}usr/lib/liblog.o ] || [ -f ${ROOTDIR}usr/include/addr.h ] || \ > > [ -f ${ROOTDIR}usr/include/cron.h ] || [ -f ${ROOTDIR}usr/include/file.h ] || \ > > [ -f ${ROOTDIR}usr/include/proc.h ] || [ -f ${ROOTDIR}usr/include/syslogs.h ] || \ > > [ -f ${ROOTDIR}usr/include/chk.h ]; then > > echo "Warning: Possible Showtee Rootkit installed" > > The /usr/lib/libfl.so comes from the flex package on my system, so if it exists > it doesn?t necessarily mean that there?s something wrong. (None of the other > files exist here.) > Hi, I had the same thing as I have 'tiger' installed. I guess a bug report would be in order. cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Attachment:
signature.asc
Description: Digital signature