Why do /usr/lib/.libssl.so.1*.hmac file exist on my system ?

Kevin Fenzi kevin at scrye.com
Mon Aug 16 04:21:27 UTC 2010


On Mon, 16 Aug 2010 09:16:10 +0530
steve <steve at lonetwin.net> wrote:

...snip...

> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/.libssl.so.1.0.0a.hmac /usr/lib/.libssl.so.10.hmac 
> /usr/lib/.libcrypto.so.10.hmac /usr/lib/.libcrypto.so.1.0.0a.hmac 
> /lib/.libgcrypt.so.11.hmac

Those are FIPS hmac files. They are shipped with the fedora packages
and do not indicate any tampering. 

...snip...

> My question is why do this files exist and if they are valid, should
> this be a bug against chkrootkit to not show this up as a
> 'suspicious' file ?

Yes, it should I would think. 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20100815/75101c48/attachment.bin 


More information about the users mailing list