On Wed, 31 Mar 2010 11:37:12 +0200 Michael Kiefer <[email protected]> wrote: >-- Warning: Network TCP port 47018 is being used by /usr/sbin/slapd. Possible rootkit: Possible Universal Rootkit (URK) component >Use the 'lsof -i' or 'netstat -an' command to check this. > >When I check using these instructions (some time after rkhunter has finished), >nothing shows up. Is this some false positive, or if not, what do you recommend to do?
- URK is a really old rootkit so chances of seeing it In The Wild are way low. - Since the port is not in use later on chances are this is transient use by another application. - Verifying hashes using your distributions package manager (or else against a "known good" package from your distributions repository) may help identify the binary as clean. Regards, unSpawn --- ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
