Package: chkrootkit Version: 0.46a-3 Severity: normal I have this running:
[EMAIL PROTECTED]:~% ps axf|grep inetd 20437 pts/26 S+ 0:00 | \_ /usr/bin/ssh dumbledore /home/paul/redir --inetd --caddr=cugel --cport=22 getCMD "inetd" finds this, and checks /usr/bin/ssh using a regex appropriate for inetd. This reports inetd as infected, since of course ssh contains the string "/bin/sh". I had to debug chkrootkit by hand to figure out what binary it actually tested (nice to log that), and why it thought it was infected. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-rc1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages chkrootkit depends on: ii binutils 2.16.1cvs20060117-1 The GNU assembler, linker and bina ii debconf [debconf-2.0 1.4.72 Debian configuration management sy ii libc6 2.3.6-4 GNU C Library: Shared libraries an ii net-tools 1.60-17 The NET-3 networking toolkit ii procps 1:3.2.6-2.1 /proc file system utilities chkrootkit recommends no packages. -- debconf information: * chkrootkit/run_daily_opts: -q -n * chkrootkit/run_daily: true * chkrootkit/diff_mode: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
