Markus Hardiyanto <[EMAIL PROTECTED]> writes:

> I installed RkHunter and ChkRootKit inside a VE. The VE is using a CentOS
> 4.4 minimal installation. I downloaded the CentOS image from the list on
> the OpenVZ Wiki. Here is the error that I got:
>
> from RkHunter:
>
> Performing 'known good' check...
> /bin/kill  [ BAD ]
> /sbin/insmod  [ BAD ]
> /sbin/lsmod  [ BAD ]
> /sbin/modprobe  [ BAD ]
> /usr/bin/file  [ BAD ]

[...]

> Are these false positives?

Yes and no -- those are modified from the standard packages you would
have in a normal system, but the modification is to be expected with
OpenVZ.  Er, except maybe the /usr/bin/file binary...

> from ChkRootKit:
> Checking `lkm'... You have    74 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed

Again, probably expected: the proc file system within the VE isn't
identical to a physical system.

        Daniel
-- 
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: [EMAIL PROTECTED]
                 http://digital-infrastructure.com.au/
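
The chkproc warning quoted above ("process hidden for readdir command") reports a mismatch between two views of the process table. A simplified sketch of that kind of check follows, as an added example that is not part of the original thread and not chkrootkit's own code. It assumes a Linux /proc and uses signal 0 as the direct probe; the names scan, list_proc_pids, signal_probe and constructed_views are hypothetical.

```python
import os

def list_proc_pids(proc_root="/proc"):
    """View 1: PIDs that appear as numeric entries when /proc is listed."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def signal_probe(pid):
    """View 2: ask the kernel about one PID directly with signal 0."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True

def scan(list_pids, probe, max_pid, passes=2):
    """Return PIDs that answer the probe but are absent from the listing.

    A process that starts between the listing and the probe looks hidden
    for one pass, so only PIDs missing in every pass are reported.
    """
    suspects = None
    for _ in range(passes):
        listed = list_pids()  # take the listing first, then probe
        found = {pid for pid in range(1, max_pid + 1)
                 if pid not in listed and probe(pid)}
        suspects = found if suspects is None else suspects & found
    return sorted(suspects)

def constructed_views():
    """Constructed sample: the listing shows 3 PIDs, the probe answers 5."""
    listing = {1, 20, 30}
    alive = {1, 20, 30, 40, 41}
    return (lambda: listing), (lambda pid: pid in alive)

if __name__ == "__main__":
    list_fn, probe_fn = constructed_views()
    print("constructed sample:", scan(list_fn, probe_fn, max_pid=64))
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    print("this host:", scan(list_proc_pids, signal_probe, pid_max))
```

A non-empty result only says that the two views disagree, which is why the reply treats the warning inside a VE as probably expected.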