Hi,
I can't get rid of a false positive in RKHunter:
$ sudo rkhunter --check --skip-keypress --no-mail-on-warning --report-warnings-only
Warning: The following processes are using suspicious files:
Command: xl
UID: 0 PID: 3708
Pathname: /usr/lib/xen-4.4/bin/xl
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 3709 PID: 3708
Pathname: 143064
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 0 PID: 6439
Pathname: /usr/lib/xen-4.4/bin/xl
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 6440 PID: 6439
Pathname: 143064
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 0 PID: 8136
Pathname: /usr/lib/xen-4.4/bin/xl
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 8137 PID: 8136
Pathname: 143064
Possible Rootkit: Dica-Kit Rootkit
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
$ dpkg -S /usr/lib/xen-4.4/bin/xl
xen-utils-4.4: /usr/lib/xen-4.4/bin/xl
$ ls -l /usr/lib/xen-4.4/bin/xl
-rwxr-xr-x 1 root root 157448 Jul 9 14:11 /usr/lib/xen-4.4/bin/xl
Help appreciated!
Mark
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
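Added triage example (not from the post, and not rkhunter's own code): the shell functions below parse a constructed copy of the warning text above, separate entries whose Pathname is a real path from those that are a bare number, and verify a flagged binary against the md5 checksums dpkg recorded for its package, the same comparison debsums performs. Treating the bare number as an inode number is an assumption; the post does not say what it is. The sample warning, the temporary file and the checksums used here are constructed.

```shell
#!/bin/sh
# Added example: triage helpers for an rkhunter "processes are using suspicious
# files" warning on a Debian/Ubuntu system. Constructed sample warning text,
# mirroring the format in the post.
SAMPLE_WARNING='Command: xl
UID: 0 PID: 3708
Pathname: /usr/lib/xen-4.4/bin/xl
Possible Rootkit: Dica-Kit Rootkit
Command: xl
UID: 3709 PID: 3708
Pathname: 143064
Possible Rootkit: Dica-Kit Rootkit'

# parse_rkhunter_warnings WARNING_TEXT
# Emits one tab-separated record per warning: PID, command, kind, pathname.
# kind is "path" for an absolute path and "inode" for a bare number, which
# (an assumption; the post does not say) is how a mapped file shows up when
# only its inode number is available.
parse_rkhunter_warnings() {
  printf '%s\n' "$1" | awk '
    /^Command:/  { cmd = $2 }
    /^UID:/      { pid = $4 }
    /^Pathname:/ {
      path = $2
      kind = (path ~ /^[0-9]+$/) ? "inode" : "path"
      printf "%s\t%s\t%s\t%s\n", pid, cmd, kind, path
    }'
}

# flagged_paths WARNING_TEXT
# Distinct real pathnames from the warning, i.e. the files worth verifying
# against their package; bare inode numbers are skipped.
flagged_paths() {
  parse_rkhunter_warnings "$1" | awk -F'\t' '$3 == "path" { print $4 }' | sort -u
}

# check_dpkg_md5 FILE MD5SUMS
# Compare FILE's md5 with the entry dpkg recorded for it. MD5SUMS is a file in
# the format of /var/lib/dpkg/info/<package>.md5sums ("<md5>  <path without
# leading slash>"). Prints "ok", "MODIFIED" or "unknown"; returns 0 only for "ok".
check_dpkg_md5() {
  file=$1; sums=$2
  rel=${file#/}
  recorded=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$sums")
  [ -n "$recorded" ] || { echo "unknown"; return 2; }
  actual=$(md5sum "$file" | awk '{ print $1 }')
  if [ "$actual" = "$recorded" ]; then echo "ok"; return 0; fi
  echo "MODIFIED"; return 1
}

# Usage on a live system (not run here): find the owning package with dpkg -S,
# whose output is "<package>: <path>" as in the post, then compare the binary
# with that package's recorded checksums.
#   pkg=$(dpkg -S /usr/lib/xen-4.4/bin/xl | cut -d: -f1)
#   check_dpkg_md5 /usr/lib/xen-4.4/bin/xl "/var/lib/dpkg/info/$pkg.md5sums"
```

A matching checksum only establishes that the flagged binary is the one the package shipped; it says nothing about the bare-number entries, which still need to be resolved to a file (for example by inspecting the process's mappings under /proc/PID) before the warning is dismissed as a false positive. Multiarch packages store their checksums as /var/lib/dpkg/info/<package>:<arch>.md5sums rather than under the plain package name.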