zk rootkit
Andy Green
fedora at warmcat.com
Fri Nov 21 16:51:16 UTC 2003
On Friday 21 November 2003 16:22, Bret Hughes wrote:
> you are not running the same thing.
>
> the [ -f filename ] is a test to see if a file is a regular file and
> exists. the -o is an operator to the test function not passed to run.
> in fact [ is a symbolic link to test
Thanks for the education, Bret, I misread the precedence of who owned the
switches.
> on my fedora test box:
> the return code indicates that neither test was true.
[agreen@fastcat agreen]$ ll /usr/bin/run
-rwxr-xr-x 1 root root 28380 Sep 26 14:52 /usr/bin/run
If I understood you correctly then this is enough to fire the warning?
[agreen@fastcat agreen]$ rpm --query --whatprovides /usr/bin/run
run-2.0-3
Sure enough when I look at
http://download.fedora.redhat.com/pub/fedora/linux/core/1/i386/os/Fedora/RPMS/
I see
run-2.0-3.i386.rpm
Downloading it and looking in it shows
[agreen@fastcat agreen]$ rpm -q --list -p run-2.0-3.i386.rpm
warning: run-2.0-3.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
/usr/bin/run
/usr/share/doc/run-2.0
/usr/share/doc/run-2.0/README
/usr/share/man/man1/run.1.gz
It seems if you have this fedora package installed, you will fire the warning
in chkrootkit.
-Andy
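Added example, not part of the original message and not chkrootkit's own code: the manual check above (does the flagged file exist, and which package provides it) as a reusable shell function that also asks rpm whether the file still matches the package metadata. The function name classify_flagged_file and its verdict strings are hypothetical; the result is only as trustworthy as the host's RPM database.

```shell
#!/bin/sh
# Triage a path flagged by a rootkit scanner using the local RPM database.
# Assumption: paths contain no whitespace (rpm -V output is split on fields).

# classify_flagged_file PATH prints exactly one verdict:
#   missing                 the path does not exist
#   unowned                 no installed package claims the file
#   owned-modified:<pkg>    a package owns it, but it differs from the metadata
#   owned-intact:<pkg>      a package owns it and verification reports no change
classify_flagged_file() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"
        return 0
    fi
    # rpm -qf exits non-zero when no installed package owns the file.
    if ! pkg=$(rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' \
                   "$path" 2>/dev/null); then
        echo "unowned"
        return 0
    fi
    pkg=$(printf '%s\n' "$pkg" | head -n 1)
    # rpm -V lists only files that differ from the package metadata
    # (size, digest, mode, owner, mtime ...); keep the line for our path.
    changes=$(rpm -V "$pkg" 2>/dev/null | awk -v p="$path" '$NF == p')
    if [ -n "$changes" ]; then
        echo "owned-modified:$pkg"
    else
        echo "owned-intact:$pkg"
    fi
}

# Stand-alone use: sh triage.sh /usr/bin/run
if [ "$#" -gt 0 ]; then
    classify_flagged_file "$1"
fi
```

An owned-intact verdict supports the false-positive reading in this thread; unowned or owned-modified means the file deserves a closer look from trusted media.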