On Wed, 2010-05-26 at 08:04 +0200, Helmut Hullen wrote: > > > I am pretty sure I have a trojan or resident spoofer in there, > > especially on one of the domains that has bandwidth / traffic going > > thru the roof. > > Maybe "rkhunter" cannot find every crap. It searches for some "well > known" cases, but the other test is wether a file has/was changed. > > "propupd" produces a hash list of many files, and "rkhunter" compares > the actual hash with the listed hash. If some rootkit has changed some > critical file last week then the "propupd" run from yesterday stores the > infected file "as good". > > The best way in this case is reinstalling at least the "base" packages > or (even better) reinstalling the complete system from CD. > Or set the package manager option. FC6 won't be updated anymore, so all the current package files should correspond to their entries in the RPM database.
John. -- John Horne Tel: +44 (0)1752 587287 University of Plymouth, UK Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
