Hi all,
I got this warning from mail report as following:
Warning: Network TCP port 60922 is being usedzaRwT.KiT. Possible rootkit:
Use the 'lsof -i' or 'netstat -an' command to check this.
I tried to find the information about usedzaRwT.KiT/zaRwT.KiT and can't find
anything.
I tried to find the log of that day, but it was overwrote so that I don't
know what happened. I have set it logrotated.
After that day, there is no the same warning message appeared again in the
daily report.
What should I do to check about this RootKit?
By the way, how can I add some files to be checked?
For example, I would like to create some scripts and configuration files
into /usr/local/bin or somewhere like /usr/local/my
And I would like RKHunter to check them.
I have added the following to be test, but they don't be shown in the
report.
HASHWHITELIST=/usr/local/bin/file:056d9af7254640388f2db76e60e3c7c705a184cd
HASHWHITELIST=/usr/local/bin/file.conf:a6b35964d99113685f4a1c82a437a56c28a09d24
HASHWHITELIST=/usr/local/my/test1:8b5fb1f5a14cebbf1effd42d8e41036c
Please advise me and thank you in advance.
Best Regards,
Bruce
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
