Hi All,
Added the following: RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit", and also
tried RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit:hdparm"; still getting Xzibit
Rootkit.
Any ideas?
Thanks,
Joe
From: White, Joseph [mailto:jwh...@sandia.gov]
Sent: Friday, July 15, 2011 9:52 AM
To: rkhunter-users@lists.sourceforge.net
Subject: [Rkhunter-users] Xzibit
Hi All
Just upgraded to 1.3.8, now I'm getting Xzibit Rootkit. I'm sure it is a false
positive; how do I clear this error?
Thanks
Joe
From output:
Rootkit checks...
Rootkits checked : 254
Possible rootkits: 1
Rootkit names : Xzibit Rootkit
From log:
# less rkhunter.log|grep Xzibit
[09:27:21] Checking for Xzibit Rootkit...
[09:27:21] Xzibit Rootkit [ Not found ]
[09:27:50] Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit
[09:28:23] Rootkit names : Xzibit Rootkit
From file:
cat /etc/rc.d/rc.sysinit |grep hdparm
# after installing the hdparm-RPM. If you need different hdparm parameters
if [ -x /sbin/hdparm ]; then
action $"Setting hard drive parameters for ${disk[$device]}: " /sbin/hdparm ${HDFLAGS[$device]} /dev/${disk[$device]}
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users