Re: [cobalt-users] chkrootkit output
- Subject: Re: [cobalt-users] chkrootkit output
- From: Bill Campbell <bill@xxxxxxxxxxxxx>
- Date: Wed Apr 9 15:00:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, Apr 09, 2003 at 05:49:02PM -0400, Paul Warner wrote:
>I've got Bruce's chkrootkit installed and get messages from each run with
>various directories that include a hidden file .packlist - are these needed
>or can I delete/rename to suppress messages until a _real_ hit occurs? They
>all seem to be confined to the /usr/lib/perl5 subs...
The .packlist files are part of software installed using the normal CPAN
``perl Makefile.PL; make; make install'' process.
The trick is to save the output, check it thoroughly to ensure that
nothing in the ``suspicious files'' list is really dangerous, then compare
subsequent chkrootkit output against the baseline to see if there are
meaningful changes.
Bill
--
INTERNET: bill@xxxxxxxxxxxxx Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
Government is actually the worst failure of civilized man. There has
never been a really good one, and even those that are most tolerable
are arbitrary, cruel, grasping and unintelligent.
-- H. L. Mencken
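
The baseline comparison described in the reply above, as an added example that is not part of the original message. The function names, file names and sample lines are constructed for illustration, and splitting lines that start with "/" into one path per line is an assumption about how the saved output is laid out.

```sh
#!/bin/sh
# Added example: report only what is new in a chkrootkit run compared with
# a baseline that has already been reviewed by hand.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# normalize FILE: one finding per line, sorted, de-duplicated.
# Assumption: a line starting with "/" is a whitespace-separated list of
# paths, so it is split (a path containing spaces would be split as well).
normalize() {
    awk '/^\// { for (i = 1; i <= NF; i++) print $i; next }
         NF    { print }' "$1" | sort -u
}

# new_findings BASELINE CURRENT: entries present now but not in the baseline.
new_findings() {
    nf_b=$(mktemp) || return 2
    nf_c=$(mktemp) || return 2
    normalize "$1" > "$nf_b"
    normalize "$2" > "$nf_c"
    comm -13 "$nf_b" "$nf_c"
    rm -f "$nf_b" "$nf_c"
}

# check_run BASELINE CURRENT: silent, status 0 when nothing is new;
# otherwise prints the new entries and returns 1 (suitable for cron mail).
check_run() {
    cr_new=$(new_findings "$1" "$2") || return 2
    [ -z "$cr_new" ] && return 0
    printf 'New since baseline:\n%s\n' "$cr_new"
    return 1
}

# make_sample DIR: constructed sample output, not from a real host. The
# second run reorders the known .packlist entries and adds one new path.
make_sample() {
    cat > "$1/baseline.txt" <<'EOF'
Checking ifconfig... not infected
Searching for suspicious files and dirs...
/usr/lib/perl5/site_perl/auto/ExampleA/.packlist /usr/lib/perl5/site_perl/auto/ExampleB/.packlist
EOF
    cat > "$1/current.txt" <<'EOF'
Checking ifconfig... not infected
Searching for suspicious files and dirs...
/usr/lib/perl5/site_perl/auto/ExampleB/.packlist /tmp/.example-new-entry
/usr/lib/perl5/site_perl/auto/ExampleA/.packlist
EOF
}

demo=$(mktemp -d) && make_sample "$demo"
check_run "$demo/baseline.txt" "$demo/current.txt" || true
rm -rf "$demo"
```

Because whole lines are compared, a test whose status text changes between runs also shows up as a new entry, while the reviewed .packlist paths stay quiet.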