On Thu, 15 Apr 2004 14:48:52 -0400 "H. S." <[EMAIL PROTECTED]> wrote: > > I am running Debian Sarge (kernel 2.4.24-1-686). I ran chkrootkit (v > 0.42b) and got this message (along with all other "nothing found" > messages): > > Searching for suspicious files and dirs, it may take a while... > /usr/lib/plt/collects/readline/.DS_Store > > What does this mean? Should I be worried?
chkrootkit doesn't like hidden files in /usr/lib; it complains
about them even if they're supposed to be there and have normal
contents.
So the questions you have to answer are: does this file belong
here; and does it have in it what it's supposed to have?
Judicious use of apt-file or the contents of /var/lib/dpkg/info
may help you with the first question; comparing the content of
the file with an original from the installed .deb can help you
with the latter.
Also, README.Debian from the chkrootkit docs contains a list of
similar hidden files that have raised flags in the past. If this
file is OK, and it's from a Debian package, but you don't see it
in README.Debian, you may wish to file a wishlist bug against
chkrootkit, asking the maintainer to add it to the false positives
list.
-c
--
Chris Metzler [EMAIL PROTECTED]
(remove "snip-me." to email)
"As a child I understood how to give; I have forgotten this grace since I
have become civilized." - Chief Luther Standing Bear
pgp00000.pgp
Description: PGP signature
