On Wed, Sep 13, 2006 at 07:12:48PM +0200, Mathias Brodala wrote:
> Hello.
>
> > #chkrootkit -q
> >
> > Warning: Possible Showtee Rootkit installed
> >
> >
> > True or False or some package(false positive)!?
>
> I guess it's the latter. You can see which files are being checked for this test
> in the chkrootkit script:
>
> > if [ -d ${ROOTDIR}usr/lib/.egcs ] || [ -f ${ROOTDIR}usr/lib/libfl.so ] || \
> > [ -d ${ROOTDIR}usr/lib/.kinetic ] || [ -d ${ROOTDIR}usr/lib/.wormie ] || \
> > [ -f ${ROOTDIR}usr/lib/liblog.o ] || [ -f ${ROOTDIR}usr/include/addr.h ] || \
> > [ -f ${ROOTDIR}usr/include/cron.h ] || [ -f ${ROOTDIR}usr/include/file.h ] || \
> > [ -f ${ROOTDIR}usr/include/proc.h ] || [ -f ${ROOTDIR}usr/include/syslogs.h ] || \
> > [ -f ${ROOTDIR}usr/include/chk.h ]; then
> > echo "Warning: Possible Showtee Rootkit installed"
>
> The /usr/lib/libfl.so comes from the flex package on my system, so if it exists
> it doesn't necessarily mean that there's something wrong. (None of the other
> files exist here.)
>
Hi,
I had the same thing as I have 'tiger' installed. I guess a bug report
would be in order.
cheers,
Kev
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal | debian.home.pipeline.com |
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: pgp.mit.edu | my NPO: cfsg.org |
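
Added example (not part of the original thread and not chkrootkit's own code): a triage helper that reports which of the paths from the quoted Showtee check actually exist and, on a Debian system, which package owns each one. The function names `triage_showtee` and `owner_of` are hypothetical, and package lookup assumes `dpkg` is available and that the scanned root is the running system.

```shell
#!/bin/sh
# Paths tested by the Showtee check quoted in the thread.
# A trailing '/' marks entries the check tests with -d instead of -f.
SHOWTEE_PATHS="usr/lib/.egcs/ usr/lib/libfl.so usr/lib/.kinetic/
usr/lib/.wormie/ usr/lib/liblog.o usr/include/addr.h usr/include/cron.h
usr/include/file.h usr/include/proc.h usr/include/syslogs.h usr/include/chk.h"

# owner_of PATH: print the package that ships PATH, or nothing if the
# path is unowned or dpkg is not installed (assumption: Debian-style host).
owner_of() {
    command -v dpkg >/dev/null 2>&1 || return 0
    dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# triage_showtee ROOTDIR: print one line per path that would trip the check:
#   PACKAGED <path> <package>   path is shipped by an installed package
#   UNOWNED  <path>             no package claims it; investigate further
triage_showtee() {
    root=${1:-/}
    case $root in */) ;; *) root="$root/" ;; esac
    for p in $SHOWTEE_PATHS; do
        rel=${p%/}
        target=${root}${rel}
        case $p in
            */) [ -d "$target" ] || continue ;;
            *)  [ -f "$target" ] || continue ;;
        esac
        pkg=$(owner_of "/$rel")
        if [ -n "$pkg" ]; then
            echo "PACKAGED $target $pkg"
        else
            echo "UNOWNED $target"
        fi
    done
}

# Run only when a root directory is given, e.g.: sh triage.sh /
if [ $# -gt 0 ]; then
    triage_showtee "$1"
fi
```

A PACKAGED line explains why the file is present but not that its contents are intact; `dpkg --verify <package>` compares the installed files against the package's recorded checksums.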