Hi, running rkhunter on debian etch I can find the following false alarm: [17:00:17] - File /usr/bin/slice... WARNING! Exists.
- maybe a file named /usr/bin/slice is a part of a known rootkit but in this special case this file is part of the slice package. Here the file listing and the package information of this package: 'dpkg -L slice' produces /. /usr /usr/bin /usr/bin/slice /usr/share /usr/share/man /usr/share/man/man1 /usr/share/man/man1/slice.1.gz /usr/share/doc /usr/share/doc/slice /usr/share/doc/slice/README /usr/share/doc/slice/copyright /usr/share/doc/slice/changelog.gz /usr/share/doc/slice/changelog.Debian.gz 'dpkg -p slice' produces Package: slice Priority: optional Section: text Installed-Size: 96 Maintainer: Luk Claes <[EMAIL PROTECTED]> Architecture: all Version: 1.3.8-8 Depends: perl (>= 5.6.0) | perl5, libbit-vector-perl Size: 24902 Description: Extract out pre-defined slices of an ASCII file The slice program reads an input file and divide its prepared ASCII contents into possibly overlapping slices. These slices are determined by enclosing blocks which are defined by begin and end delimiters which have to be already in the file. The final output gets calculated by a slice term consisting of slice names, set theory operators and optional round brackets. As far as I can see is there no easy way to fix this problem. Of course it is possible to remove /usr/bin/slice from the RHSHARPES_FILES list in /usr/bin/rkhunter, but IMHO this should not be the solution. Also I could imagine that comparable problems with other files / rootkits also could exist. It would be helpful if this problem could be fixed in the future. Cheers, Christian -- Name: Christian Andretzky | Address: TU Chemnitz | Phone: ++49 +371 531 32130 | Fak. Maschinenbau/Verfahrenstechnik | FAX: ++49 +371 531 832130 | Reichenhainer Str. 70 | mail: [EMAIL PROTECTED] | D-09107 Chemnitz | PGP: public key avaliable via public key server | In a world without walls and fences, there is no need for windows and gates | "The Box said 'Windows 95 or better'. - So I installed Linux." | ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
