Re: [cobalt-users] [RaQ4] removing old chrootkit

["Steve Werby" <steve-lists@xxxxxxxxxxxx>]

"William J.A. Brillinger" <billy@xxxxxxxxxx> wrote:
> What is the correct procedure for removing an old program like chrootkit?
> (please don't flame me, I know I'm stupid!)
>
> Can I just delete its directory?

I don't recall seeing a chkrootkit rpm, but if there is one you do this to
find the rpm (quick and dirty way):

rpm -qa | grep -i chkrootkit

Then rpm -e packagename from returned list.

But you probably installed from source and with chkrootkit, you do a "make
sense" and it installs into the directory containing the source.  So delete
that directory and any cron entries that call chkrootkit.  For most programs
installed from source, the final step to install them is "make install".
You can do a "make -n install" to see where files will be installed (or
after the fact to see where they were installed) and manually remove them.
Or if you're comfortable, you can skip the make install script and leave the
files where they are or manually copy them to where you want them to be.
And in most cases you can specify --wiht-prefix=/path_to/somewhere to
install the programs to a location of your chosing.  I generally do this and
install to something like /home/installations/programname.  Might be more
than you asked, but hopefully someone will find this useful.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/