All hidden files (starting with a dot) not known to chkrootkit are considered suspicious. I find lots of .packlist from installing PERL modules.
I don't, but I think I should, run chkrootkit from a read-only medium. Somebody is going to add a hacked chkrootkit to a root kit sooner or later. Wouldn't hurt to back up /sbin and /bin on the CD either. Several of those files are going to be hacked in an exploit.

Jim Tarvid

On Monday 03 June 2002 20:31, engage wrote:
> chkrootkit displayed the following:
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/libDrakX/auto/Newt/.exists /usr/lib/libDrakX/auto/c/stuff/.exists
> /usr/lib/libDrakX/auto/resize_fat/c_rewritten/.exists
> /lib/aurora/default/.gtkrc /lib/aurora/default/icons/.xpm
> /lib/aurora/default-categorizing/icons/.xpm
>
>
> Are these files actually trouble? The .exists files are 0 bytes.
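
The reply above suggests keeping trusted copies of /sbin and /bin on read-only media. A hash manifest stored on that medium serves the same purpose for detecting tampering; the following is an added example, not part of the original thread or of chkrootkit. The function names `make_manifest` and `verify_manifest` are hypothetical, and it assumes `sha256sum` from GNU coreutils, ideally run from the read-only medium along with the manifest.

```shell
#!/bin/sh
# Added example (not from the original thread): baseline and verify
# hashes of system binary directories such as /bin and /sbin.
# Assumption: sha256sum output is "<64 hex chars><2 spaces><path>".

# make_manifest DIR...  -> prints one "HASH  PATH" line per regular file.
make_manifest() {
    # Sort by path so two manifests of the same tree are identical.
    find "$@" -type f -exec sha256sum {} + | sort -k 2
}

# verify_manifest BASELINE DIR...
# Prints MODIFIED / MISSING / NEW lines; returns 0 if clean, 1 otherwise.
verify_manifest() {
    manifest=$1; shift
    current=$(mktemp) || return 2
    make_manifest "$@" > "$current"
    report=$(awk '
        # substr() instead of $2 so paths containing spaces survive.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in base))          print "NEW " path
            else if (base[path] != hash)  print "MODIFIED " path
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use (paths are illustrative):
#   make_manifest /bin /sbin > /mnt/cdrom-staging/baseline.sha256
#   verify_manifest /mnt/cdrom/baseline.sha256 /bin /sbin
```

NEW lines also surface unexpected hidden files dropped into those directories, which complements chkrootkit's dotfile check; expect legitimate MODIFIED entries after package updates and regenerate the baseline then.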
