On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
> On 2007-07-29, Jeff D <[EMAIL PROTECTED]> wrote:
> I ran rkhunter again, and then for good measure I aptitude --purged
> it, reinstalled, and ran again. And then I thought maybe the whole
> thing was compromised, so I purged it again, installed rkhunter 1.30
> from sourceforge, and ran again. And I also ran chkrootkit. In all
> cases they showed nothing happening, except for warning me that some
> of my /bin executables had been replaced by scripts -- stuff like
> egrep, fgrep etc.
>
> So perhaps it was just a false positive. I'm going to read up on
> security stuff now, so maybe I'll have some idea how to proceed the
> next time.
>
It's tricky. If you have been rooted, you can't trust anything on the
system, including aptitude. As for reading, try the package harden-doc.

Good luck.

Doug.
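The "replaced by scripts" warning discussed in this thread (egrep, fgrep) can be triaged by checking whether each flagged file is nothing more than a one-line wrapper around grep. This is an added example, not part of the original messages; the function name and the accepted wrapper lines are assumptions, and in line with the reply above it is meant to be run from a known-good environment against the mounted disk, not with the suspect system's own tools.

```shell
#!/bin/sh
# Added example: triage a path that a scanner reports as "replaced by a script".
# classify_flagged FILE prints one of: missing, elf, wrapper, script, other.
# ASSUMPTION: the accepted wrapper lines below are the forms used by GNU grep's
# egrep/fgrep scripts; extend the list to match your distribution's packages.
classify_flagged() {
    cf_file=$1
    [ -f "$cf_file" ] || { echo missing; return 0; }

    # First four bytes as hex: 7f454c46 is the ELF magic, 2321 is "#!".
    cf_magic=$(od -An -tx1 -N4 "$cf_file" | tr -d ' \n')
    case "$cf_magic" in
        7f454c46) echo elf; return 0 ;;
        2321*) ;;                      # a script, inspect its body below
        *) echo other; return 0 ;;
    esac

    # Drop comment lines (including the shebang) and blank lines.
    cf_body=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$cf_file" || true)

    # Exact match only: anything beyond the single exec line (extra commands,
    # command substitution, a second line) is reported as "script" for review.
    case "$cf_body" in
        'exec grep -E "$@"'|'exec grep -F "$@"'| \
        'exec grep -E ${1+"$@"}'|'exec grep -F ${1+"$@"}') echo wrapper ;;
        *) echo script ;;
    esac
}

# Usage: sh triage.sh /mnt/suspect/bin/egrep /mnt/suspect/bin/fgrep
for cf_arg in "$@"; do
    printf '%s: %s\n' "$cf_arg" "$(classify_flagged "$cf_arg")"
done
```

A result of `wrapper` only explains why the scanner saw a script; it does not vouch for the binary the wrapper calls, which still has to be compared against the package's checksums.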

