i tried to install force util-linux rpm, the installation is succeeded. then i run rkhunter again, but still get the same error on this files:
> /bin/kill [ BAD ] > /sbin/insmod [ BAD ] > /sbin/lsmod [ BAD ] > /sbin/modprobe [ BAD ] > /usr/bin/file [ BAD ] does a rpm -ivh --force do overwrite the current installation files on the server? i do this inside VE Best Regards, Markus ----- Original Message ---- From: Daniel Pittman <[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, May 8, 2007 7:12:37 PM Subject: Re: [Users] error from RkHunter and ChkRootKit Markus Hardiyanto <[EMAIL PROTECTED]> writes: > I install RkHunter and ChkRootKit inside VE. the VE is using Centos > 4.4 minimal installation. i download the Centos image from the list on > OpenVZ Wiki. here is the error that i got: > > from RkHunter: > > Performing 'known good' check... > /bin/kill [ BAD ] > /sbin/insmod [ BAD ] > /sbin/lsmod [ BAD ] > /sbin/modprobe [ BAD ] > /usr/bin/file [ BAD ] [...] > is this false positives?? Yes and no -- those are modified from the standard packages you would have in a normal system, but the modification is to be expected with OpenVZ. Er, except maybe the /usr/bin/file binary... > from ChkRootKit: > Checking `lkm'... You have 74 process hidden for readdir command > chkproc: Warning: Possible LKM Trojan installed Again, probably expected: the proc file system within the VE isn't identical to a physical system. Daniel -- Digital Infrastructure Solutions -- making IT simple, stable and secure Phone: 0401 155 707 email: [EMAIL PROTECTED] http://digital-infrastructure.com.au/ _______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users Send instant messages to your online friends http://uk.messenger.yahoo.com _______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
