Le vendredi 30 avril 2010 à 23:27 +0200, noname a écrit :
> Package: rkhunter
> Version: 1.3.6-4
> Severity: normal
>
> I installed rkhunter, did 'rkhunter --check' and got two warnings.
> Here are the relevant entries from the log.
>
> [23:05:11] Warning: Checking for possible rootkit strings [ Warning ]
> [23:05:11] Found string 'hdparm' in file '/etc/init.d/hdparm'.
> Possible rootkit: Xzibit Rootkit
> [23:05:11] Found string 'hdparm' in file '/etc/init.d/.depend.boot'.
> Possible rootkit: Xzibit Rootkit
Please read README.Debian:
* hdparm: the string "hdparm" found in the initscripts leads to rkhunter
warns
about possible Xzibit rootkit. Use the RTKT_FILE_WHITELIST option to
whitelist
initscripts stating this string (eg. /etc/init.d/hdparm)
> [23:05:29] Checking for hidden files and directories [ Warning ]
> [23:05:29] Warning: Hidden directory found: /etc/.java
> [23:05:29] Warning: Hidden directory found: /dev/.udev
> [23:05:29] Warning: Hidden directory found: /dev/.initramfs
Please check rkhunter.conf
Cheers
Julien
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
