<snip> Checking `passwd'... INFECTED </snip>
Not sure if anybody else noticed this, so thought i'd highlight it. This is slightly unusual, the chkroot details say anything showing as INFECTED generally means the binary has been modified, probably by a trojan. Unfortunately I don't have a RaQ2 myself, so can't check, but best is to do an md5sum on the file: md5sum /usr/bin/passwd then compare the output to somebody else's machine. You *could* have somebody in the system. Have you run chkrootkit again just to make sure it wasn't a false alarm? Regards, Andy [EMAIL PROTECTED] http://www.raqpak.com/ <-- Raq/Qube unofficial PKGs and support advice _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
