Hi all,

I got this warning from mail report as following:

Warning: Network TCP port 60922 is being usedzaRwT.KiT. Possible rootkit:
         Use the 'lsof -i' or 'netstat -an' command to check this.

I tried to find the information about usedzaRwT.KiT/zaRwT.KiT and can't find
I tried to find the log of that day, but it was overwrote so that I don't
know what happened. I have set it logrotated.
After that day, there is no the same warning message appeared again in the
daily report.

What should I do to check about this RootKit?

By the way, how can I add some files to be checked?
For example, I would like to create some scripts and configuration files
into /usr/local/bin or somewhere like /usr/local/my
And I would like RKHunter to check them.

I have added the following to be test, but they don't be shown in the


Please advise me and thank you in advance.

Best Regards,
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
Rkhunter-users mailing list

Reply via email to