Hi!
Below is example of report which I received from chkrootkit. What's the
goal of listing all these .keep and .packlist files? There a lot of them,
and this make report hard to read. I've checked some of these files -
.keep files has 0 bytes, .packlist files contains list of files in perl
modules, so they all ok. I think these files should be excluded from
chkrootkit report, or, if some rootkits use them, then these files should
be checked by chkrootkit and reported only if they have unusual content...
or I misunderstood something?
----- Forwarded message from [EMAIL PROTECTED] -----
Date: 26 Aug 2006 13:42:26 +0300
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: cron: test -x /usr/sbin/run-crons && /usr/sbin/run-crons
/usr/lib/.keep /usr/lib/motif/.keep
/usr/lib/perl5/5.8.6/i686-linux/auto/Test/Simple/.packlist
/usr/lib/perl5/5.8.6/i686-linux/auto/Test/Tester/.packlist
/usr/lib/perl5/5.8.6/i686-linux/auto/Time/HiRes/.packlist
/usr/lib/perl5/5.8.6/i686-linux/auto/Digest/.packlist
/usr/lib/perl5/5.8.6/i686-linux/auto/ExtUtils/ParseXS/.packlist
/usr/lib/perl5/5.8.6/i686-linux/auto/ExtUtils/MakeMaker/.packlist
/usr/lib/perl5/5.8.7/i686-linux/auto/CGI/.packlist
/usr/lib/perl5/5.8.8/i686-linux/auto/Test/Simple/.packlist
/usr/lib/perl5/5.8.8/i686-linux/.packlist
/usr/lib/perl5/site_perl/5.8.6/CPANPLUS/inc/.inc
/usr/lib/perl5/site_perl/5.8.6/CPANPLUS/inc/installers/.installers
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/Mock/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/mysql/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IPC/Cmd/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/LWP/Parallel/.packl!
ist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/PAR/Dist/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Log/Log4perl/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Pod/Simple/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Pod/Coverage/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Pod/Escapes/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sub/Uplevel/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sub/Scheduler/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/WWW/Mechanize/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Apache/DBI/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Carp/Assert/More/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Carp/Assert/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Data/Alias/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Parser/.packlist
/usr/lib/perl5/site_p!
erl/5.8.6/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_pe
rl/5.8.6/i686-linux/auto/HTTP/Server/Simple/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Find/Rule/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Slurp/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/List/MoreUtils/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Math/Pari/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadKey/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadLine/Gnu/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Pod/Coverage/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Pod/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/WWW/Mechanize/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Warn/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Memory/Cycle/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Output/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Distribution/.packlist
/usr/lib!
/perl5/site_perl/5.8.6/i686-linux/auto/Test/LongString/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/MockModule/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Differences/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/MockObject/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Test/Exception/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Diff/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Glob/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Time/HR/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tree/DAG_Node/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/YAML/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/CPANPLUS/Dist/Build/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/CPANPLUS/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Algorithm/Diff/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Config/Std/.packlist
/usr/lib/perl5/s!
ite_perl/5.8.6/i686-linux/auto/Digest/SHA/.packlist /usr/lib/perl5/sit
e_perl/5.8.6/i686-linux/auto/Digest/SHA1/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Array/Compare/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Class/Std/Utils/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Class/Std/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Class/Data/Inheritable/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Class/Singleton/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Cover/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Cycle/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/StackTrace/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Symdump/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/RC4/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Error/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Event/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/NB/IO/.packlist
/usr/lib/perl5/site_perl/5.8.!
6/i686-linux/auto/POWER/NB/Resolver/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/LOG/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/SQL/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/SSL/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Feed/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Tree/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/iCGI/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Email/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Epoll/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Event/Epoll/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Event/Timer/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Event/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Multi/GET/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Utils/IO/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686!
-linux/auto/POWER/Utils/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-
linux/auto/POWER/Utils/Resource/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/Utils/HexDump/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/POWER/MetaSearch/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Parse/RecDescent/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Perl6/Export/Attrs/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Perl6/Export/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Perl6/Slurp/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Inline/CPP/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Inline/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Smart/Comments/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Locale/Maketext/Simple/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Load/Conditional/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Load/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Build/.packlist /us!
r/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/CoreList/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Signature/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Pluggable/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Starter/PBP/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Module/Starter/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Compress/Zlib/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Number/Compare/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Params/Check/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Params/Validate/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Regexp/Common/Fast/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Regexp/Common/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Regexp/Common/RealHTML/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/AppConfig/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/!
auto/libwww-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/a
uto/Business/CreditCard/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Readonly/XS/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Readonly/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/UNIVERSAL/can/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/UNIVERSAL/isa/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/version/vxs/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/ExtUtils/CBuilder/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DateTime/Locale/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DateTime/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DateTime/TimeZone/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Exception/Class/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/JavaScript/SpiderMonkey/.packlist
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Template/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/GD/Text/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686!
-linux/auto/GD/Graph/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/GD/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/DBD/mysql/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/FCGI/ProcManager/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/FCGI/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/Data/Alias/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/Devel/Cover/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/Crypt/MatrixSSL/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/POWER/Feed/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/POWER/Event/IO/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/POWER/Event/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/POWER/Utils/IO/.packlist
/usr/lib/perl5/site_perl/5.8.7/i686-linux/auto/fb_c_stuff/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/GPG/.packlist /usr/lib/perl!
5/site_perl/5.8.8/i686-linux/auto/IPC/Run/.packlist /usr/lib/perl5/sit
e_perl/5.8.8/i686-linux/auto/IPC/Run3/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/X11/Protocol/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/X11/Keyboard/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/X11/SendEvent/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Data/Alias/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Class/MethodMaker/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Devel/Cover/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Crypt/GPG/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Crypt/MatrixSSL/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Email/Address/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/GnuPG/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/GnuPG/Interface/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/POWER/GPG/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/POWER/Event/IO/.packlist
/usr/lib/perl5/site_perl/5.8.8/i!
686-linux/auto/POWER/Utils/IO/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/POWER/Utils/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/POWER/Utils/Resource/.packlist
/usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/TimeDate/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Tk/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/DBD/mysql/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/DBI/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/Gdk/Pixbuf/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/Gdk/ImlibImage/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/base/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/GLArea/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/XmHTML/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk/GladeXML/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Net/Daemon/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-l!
inux/auto/RPC/PlServer/.packlist /usr/lib/perl5/vendor_perl/5.8.7/i686
-linux/auto/URI/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/XML/Writer/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Date/Manip/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/HTML/Parser/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/HTML/Tagset/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gaim/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Gtk2/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/RRDp/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/RRDs/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Crypt/SSLeay/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/SDL_perl/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Locale/gettext/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Compress/Zlib/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/HTML-Tree/.packlist!
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/libwww-perl/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/ExtUtils/Depends/.packlist
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/ExtUtils/PkgConfig/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Pod/Parser/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/XML/SAX/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/XML/Simple/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/XML/NamespaceSupport/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Glib/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Test/Harness/.packlist
/usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Image/Magick/.packlist
/usr/lib/samba/rpc/.keep /usr/lib/samba/auth/.keep /usr/lib/samba/idmap/.keep
/usr/lib/dbus-1.0/services/.keep /usr/lib/locale/.keep
/usr/lib/nessus/plugins/.desc /lib/.keep /lib/dev-state/.keep
/lib/rcscripts/sh/.keep /lib/rcscripts/awk/.keep /lib/rcscripts/.keep /l!
ib/rcscripts/net.modules.d/.keep /lib/rcscripts/net.modules.d/helpers.
d/.keep /lib/udev-state/.keep
/usr/lib/nessus/plugins/.desc
eth0: PF_PACKET(/usr/sbin/pppoe, /usr/sbin/pppoe)
eth1: PF_PACKET(/usr/sbin/pppoe, /usr/sbin/pppoe, /usr/sbin/pppoe)
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! powerman 12107 tty7 X :0 -dpi 120 -nolisten tcp -br -auth
/home/powerman/.serverauth.30366 -deferglyphs 16
----- End forwarded message -----
--
WBR, Alex.
--
gentoo-security@gentoo.org mailing list
