On Thu, 9 Jun 2011 10:37:22 -0500, M.E. wrote: > This only leave 3 doubts... What about the Trojan mentioned > in line 111 of chkrootkit's output?
Run this: /usr/lib64/chkrootkit-0.49/chkdirs /tmp /usr/share /usr/bin /usr/sbin /lib It if isn't silent, it believes something is wrong with the link count of the directories and it concludes that there could be hidden directories. This may be because you're using "btrfs" instead of ext4. Could be a bug in chkrootkit's chkdirs tool or a concept that's inappropriate. Dunno. Somebody might want to investigate it. > and the "deletions" mentioned > on line 117, what does that mean? It's the result of running /usr/lib64/chkrootkit-0.49/chkwtmp and it may be necessary to examine whether the chkwtmp tool still does what it's supposed to do (check for deletions). Perhaps it's just broken on x86_64. Both chkutmp and chkwtmp have suffered from several bugs in the past, their C code isn't pretty, and not all bug-fixes have been applied in upstream chkrootkit yet either. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
