Mark Misulich wrote:
> Hi,
> I recently installed rkhunter-1.3.6 on my laptop computer on two
> linux operating systems. On this laptop I have opensuse 11.1 and
> Elive development version 1.9.51 installed, along with Win7. I just
> purchased the laptop so both linux installations are fresh installs.
Why would you suspect that a computer with a fresh install would have
a rootkit? I'd use this to build experience with the tool, not to
suspect the install.

> When I ran rkhunter -c --sk to check for rootkits on the Elive
> installation, I got a positive result.
>
> when checking for rootkits...
>
> Performing check of known rootkit files and directories
> Xzibit Rootkit {Not found}
>
> Performing additional rootkit checks
> Checking for possible rootkit strings {Warning}
>
> Rootkit checks...
> Possible rootkits: 2
> Rootkit names: Xzibit Rootkit, Xzibit Rootkit

This looks like a false positive to me. The rootkit was explicitly
stated as not found. There are some possible indications, that's all.
I'd investigate further before...

[...]

> fix since it was a fresh install anyways. So I reformatted the root
> and home partitions several times and then reinstalled Elive.

... doing something like this. In any case, it's never necessary to
reformat a drive.

> Before I got too far into the installation and use of Elive after the
> fresh install, I downloaded rkhunter and ran a scan again. It showed
> the same results on the fresh install of Elive, same rootkit. I

This confirms in my mind that you have a false positive.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
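The distinction Mike draws above, between the "known rootkit files and directories" check reporting Not found and the looser "possible rootkit strings" check reporting a Warning, is the kind of thing a small triage script can make explicit. The example below is added here and is not rkhunter's own code nor anything from this thread; it parses output laid out like the lines quoted above (the sample is constructed after that layout, and the bracket style `[ ... ]` / `{ ... }` is assumed), then reports, for each name listed under "Rootkit names:", whether the file check itself hit or whether the name appears only because of string matches, and how many times it was listed.

```python
"""Triage rkhunter-style output: separate file/directory check results from
the "possible rootkit strings" check so a "Possible rootkits" count that rests
only on string matches is visible at a glance.

Added example, not rkhunter's code. SAMPLE_OUTPUT is constructed to mirror the
layout quoted in the thread; the accepted bracket styles are an assumption.
"""
import re
from collections import Counter

# Constructed sample, modelled on the output quoted in the thread.
SAMPLE_OUTPUT = """\
Checking for rootkits...

Performing check of known rootkit files and directories
  Xzibit Rootkit                                   [ Not found ]

Performing additional rootkit checks
  Checking for possible rootkit strings            [ Warning ]

Rootkit checks...
  Possible rootkits: 2
  Rootkit names: Xzibit Rootkit, Xzibit Rootkit
"""

# "<label>   [ Result ]" or "<label>   { Result }" (assumed bracket styles)
RESULT_RE = re.compile(r"^\s*(?P<name>.+?)\s+[\[{]\s*(?P<result>[^\]}]+?)\s*[\]}]\s*$")

STRINGS_LABEL = "Checking for possible rootkit strings"


def parse_rkhunter(text):
    """Return (file_checks, string_check_result, listed_names).

    file_checks maps rootkit name -> result from the files/directories section;
    string_check_result is the result of the rootkit-strings check (or None);
    listed_names is the raw list from the "Rootkit names:" line, duplicates kept.
    """
    file_checks = {}
    string_check = None
    names = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Performing check of known rootkit files"):
            section = "files"
            continue
        if stripped.startswith("Performing additional rootkit checks"):
            section = "additional"
            continue
        if stripped.startswith("Rootkit names:"):
            names = [n.strip() for n in stripped.split(":", 1)[1].split(",") if n.strip()]
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        name, result = m.group("name").strip(), m.group("result").strip()
        if section == "files":
            file_checks[name] = result
        elif section == "additional" and name.startswith(STRINGS_LABEL):
            string_check = result
    return file_checks, string_check, names


def triage(text):
    """Map each listed rootkit name to (verdict, times_listed).

    "string-match only": the file check said Not found and the name is present
    solely because the strings check warned; the thread treats this as a likely
    false positive that still deserves a manual look.
    "file-check hit": the files/directories check itself reported something.
    "unclassified": nothing in the parsed output explains the listing.
    """
    file_checks, string_check, names = parse_rkhunter(text)
    verdicts = {}
    for name, hits in Counter(names).items():
        file_result = file_checks.get(name, "not checked").lower()
        strings_warned = (string_check or "").lower() == "warning"
        if file_result == "not found" and strings_warned:
            verdicts[name] = ("string-match only", hits)
        elif file_result not in ("not found", "not checked"):
            verdicts[name] = ("file-check hit", hits)
        else:
            verdicts[name] = ("unclassified", hits)
    return verdicts


if __name__ == "__main__":
    for name, (verdict, hits) in triage(SAMPLE_OUTPUT).items():
        print(f"{name}: {verdict} (listed {hits} times)")
    # -> Xzibit Rootkit: string-match only (listed 2 times)
```

Run against the sample, the one name in the summary resolves to "string-match only", listed twice, which is the reading Mike gives: the count came from the strings check, not from any rootkit file being found. A name that the file check itself flags would instead come back as "file-check hit" and warrants a very different response.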