On Mon, 16 Aug 2010 09:55:32 +0530, steve wrote: > Also, as far as the /usr/lib/.libssl.so.*.hmac files are concerned, google > tells > me that these files contain the HMAC checksum of the openssl libraries.
rpm -qf /usr/lib/.*hmac > So, that was a false positive by chkrootkit. Which is in the nature of chkrootkit. Don't rely on it. Many of its tests are not 100%, but just warn about suspicious file locations or activities (e.g. a process listening on a port known to be used by some backdoor trojans), which match a given pattern as defined in chkrootkit. It's the admin's job to verify the report and to examine a system closer. One could try to white-list "false positives", albeit by doing that one might run into the pitfall of getting it wrong. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
