Thanks for a wonderful tool! I find that I'm getting some false positives with Fedora Core from 1.3.6. These are new ones. I've already been ignoring some other false positives for some time. Now, I've got no problem ignoring false positives, I'm reporting this just for informative purposes. I also run tripwire and chkrootkit, and neither of them is reporting anything out of the ordinary. Well, tripwire reported the install of a new version of rkhunter, but nothing I didn't anticipate.
Output while running:

Checking for rootkits...
Performing check of known rootkit files and directories
[...]
Xzibit Rootkit [ Not found ]
[...]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ Warning ]
Checking for possible rootkit strings [ Warning ]
[...]
Rootkit checks...
Rootkits checked : 254
Possible rootkits: 2
Rootkit names : Possible rootkit component, Xzibit Rootkit

From the log file:

[11:55:06] Performing check of possible rootkit files and directories
[11:55:06] Info: Starting test name 'possible_rkt_files'
[11:55:15] Checking for directory '/dev/ida' [ Warning ]
[11:55:17] Warning: Checking for possible rootkit files and directories [ Warning ]
[11:55:17] Found directory '/dev/ida'. Possible rootkit: Possible rootkit component

(I see nothing suspicious in that directory.)

[11:55:17] Performing check for possible rootkit strings
[11:55:52] Checking for string 'hdparm' [ Warning ]
[11:55:54] Warning: Checking for possible rootkit strings [ Warning ]
[11:55:54] Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit

(Well, it's certainly in there, but it appears correct to me.)

[11:57:53] System checks summary
[11:57:53] =====================
[11:57:54] Rootkit checks...
[11:57:54] Rootkits checked : 254
[11:57:54] Possible rootkits: 2
[11:57:54] Rootkit names : Possible rootkit component, Xzibit Rootkit

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
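For triaging warnings like the ones in the message above, here is an added example (not part of the original post and not rkhunter's own code) that parses the posted log lines, cross-checks them against the summary count, and lists only findings not yet reviewed by hand. The function names and the idea of a `reviewed` set are hypothetical; the log line formats are taken only from the excerpt above.

```python
import re

# Log lines copied from the message above (subset, wording as posted).
SAMPLE_LOG = """\
[11:55:06] Info: Starting test name 'possible_rkt_files'
[11:55:15] Checking for directory '/dev/ida' [ Warning ]
[11:55:17] Warning: Checking for possible rootkit files and directories [ Warning ]
[11:55:17] Found directory '/dev/ida'. Possible rootkit: Possible rootkit component
[11:55:17] Performing check for possible rootkit strings
[11:55:54] Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit
[11:57:54] Possible rootkits: 2
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s+(.*)$")
# Only the two "Found ..." shapes visible in the excerpt are handled.
FOUND = re.compile(
    r"^Found (directory|string) '([^']+)'"
    r"(?: in file '([^']+)')?\. Possible rootkit: (.+)$")
SUMMARY = re.compile(r"^Possible rootkits\s*:\s*(\d+)$")

def parse_findings(log_text):
    """Return (findings, reported_count) parsed from rkhunter log text."""
    findings, reported = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything without a [HH:MM:SS] prefix
        when, msg = m.groups()
        f = FOUND.match(msg)
        if f:
            kind, item, in_file, name = f.groups()
            findings.append({"time": when, "kind": kind, "item": item,
                             "path": in_file or item, "rootkit": name.strip()})
            continue
        s = SUMMARY.match(msg)
        if s:
            reported = int(s.group(1))
    return findings, reported

def unexplained(findings, reviewed):
    """Findings whose (kind, item, path) has not been reviewed by the admin."""
    return [f for f in findings
            if (f["kind"], f["item"], f["path"]) not in reviewed]
```

A mismatch between `len(findings)` and the reported count, or a non-empty `unexplained()` result after an upgrade, marks the entries that still need manual inspection.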