chkrootkit false positive? / prelinking (t0rn)


#1 Post by StarsAndBars14 »

As a sort of continuation to the "prelinking" thread I posted a while ago, a run of chkrootkit has output back at me "Possible t0rn(v8) rootkit installed."

Rkhunter, since I have this on hand to check, has not detected such a thing and no files or ports seem to be out of place.

Is this a false positive which occurs after prelinking, or just on Etch in general?
Hypocrisy is like Windows XP: pathetic, a sign of insecurity, and a product of questionable practices.


#2 Post by Lavene »

Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
From chkrootkit on my fairly straight Etch system.

Tina


#3 Post by StarsAndBars14 »

Then I guess the next thing I do is reinstall rkhunter.

(Edit: Yup, it is a false positive. libproc-dev is installed and, according to users on the debian-isp mailing list, that seems to play around with t0rn detection a little.)
Hypocrisy is like Windows XP: pathetic, a sign of insecurity, and a product of questionable practices.
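
An added example, not part of the thread: one way to triage the hit described in post #3 by checking whether each flagged file belongs to an installed package. It assumes chkrootkit's t0rn v8 test flags any file named libproc.a under the library directories (not stated in the thread); `find_hits` and `classify_hits` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: triage a chkrootkit "t0rn v8" hit by package ownership.
# Assumption: the v8 test flags any file named libproc.a under the
# library directories, which is a file a -dev package can legitimately ship.

# find_hits ROOT: list libproc.a files under ROOT's library directories.
find_hits() {
    root=${1%/}
    for d in "$root/lib" "$root/usr/lib" "$root/usr/local/lib"; do
        [ -d "$d" ] && find "$d" -name libproc.a 2>/dev/null
    done
    return 0
}

# classify_hits ROOT OWNED_LIST: print "packaged <path>" when the path
# (relative to ROOT) appears in OWNED_LIST, otherwise "UNOWNED <path>".
# OWNED_LIST holds one absolute path per line, e.g. from `dpkg -L <package>`.
classify_hits() {
    root=${1%/}
    owned=$2
    find_hits "$root" | LC_ALL=C sort | while IFS= read -r f; do
        rel=${f#"$root"}
        if grep -Fxq -- "$rel" "$owned"; then
            echo "packaged $rel"
        else
            echo "UNOWNED $rel"
        fi
    done
}

# Live use on a Debian system (not run here):
#   dpkg -L libproc-dev > /tmp/owned.txt
#   classify_hits / /tmp/owned.txt
# A "packaged" line supports the false-positive reading; an "UNOWNED" line
# is a file no package accounts for and deserves a closer look.
```

A packaged file can still have been modified after installation, so `dpkg --verify libproc-dev` (or debsums) is a sensible follow-up before dismissing the hit.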
