
J'ai lancé chkrootkit, qui m'a 'trouvé' un rootkit, j'ai regardé la doc
pour les détails, et je vois, dans /usr/share/doc/chkrootkit :

README.Debian for chkrootkit

Below is a list of packages which are known to set off false alarms in

libproc-dev: chkrootkit detects libproc.a as a possible component of
t0rn v8 

slice: /usr/bin/slice sets false alarm about RH-Sharpe

portsentry: Portsentry by default listens to port 31337/udp, which
chkrootkit detects as malicious. chkrootkit checks for other malicious
ports, which may be bound by innocent programs. 


Répondre à