[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /bin/login listening?

On 2007-07-29, Jeff D <fixedored@gmail.com> wrote:
>
>>From the looks of it, it could have just been a false positive.  ive seen 
> rkhunter report a few, not very often though.  I'd run rkhunter again, 
> install chkrootkit, run that, see if the two match up.
>
> As far as debsums reporting back on the rkhunter files, those will 
> probably not match, as they can get updated.
>

I ran rkhunter again, and then for good measure I aptitude --purged
it, reinstalled, and ran again. And then I thought maybe the whole
thing was compromised, so I purged it again, installed rkhunter 1.30
from sourceforge, and ran again. And I also ran chkrootkit. In all
cases they showed nothing happening, except for warning me that some
of my /bin executables had been replaced by scripts -- stuff like
egrep, fgrep etc.

So perhaps it was just a false positive. I'm going to read up on
security stuff now, so maybe I'll have some idea how to proceed the
next time.

Thanks for your help,

Tyler
Reply to: