On 2007-07-29, Jeff D <[EMAIL PROTECTED]> wrote: > >>From the looks of it, it could have just been a false positive. ive seen > rkhunter report a few, not very often though. I'd run rkhunter again, > install chkrootkit, run that, see if the two match up. > > As far as debsums reporting back on the rkhunter files, those will > probably not match, as they can get updated. >
I ran rkhunter again, and then for good measure I aptitude --purged it, reinstalled, and ran again. And then I thought maybe the whole thing was compromised, so I purged it again, installed rkhunter 1.30 from sourceforge, and ran again. And I also ran chkrootkit. In all cases they showed nothing happening, except for warning me that some of my /bin executables had been replaced by scripts -- stuff like egrep, fgrep etc. So perhaps it was just a false positive. I'm going to read up on security stuff now, so maybe I'll have some idea how to proceed the next time. Thanks for your help, Tyler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
