Fedora and chkrootkit
Andy Green
fedora at warmcat.com
Wed Dec 17 13:06:07 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 16 December 2003 07:42, Michael Kearey wrote:
> Sam Barnett-Cormack wrote:
> > That particular one can occur if certain binaries aren't fully stripped.
> > If they aren't stripped or optimised, or have debugging info in, then
> > they trigger that test.
> >
> > On Mon, 15 Dec 2003, Pedro Fernandes Macedo wrote:
>
> In addition, 'short lived' processes may trigger the hidden processes
> check. It is probably best to run chkrootkit at a lower runlevel,
> without X and other things running.
This was discussed a couple of weeks ago on the list, the Fedora 'run' package
creates /usr/bin/run, which chrootkit considers evidence of rootkit activity.
Its a false alarm. I emailed the chrootkit people about it but did not hear
back.
- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/4FS/jKeDCxMJCTIRAuxtAJ9f+FoA/Bo+8J5IzGjRsJtbYDwZjACeLFra
/pE2c8cwvgpP28C0m4ugUZY=
=YgWL
-----END PGP SIGNATURE-----
More information about the users
mailing list