Hallo, Tanstaafl, Du meintest am 16.05.10:
> [03:11:58] Warning: Checking for possible rootkit strings [ > Warning ] [03:11:58] Found string 'hdparm' in file > '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit > [03:11:58] Found string 'hdparm' in file > '/etc/init.d/pciparm'. Possible rootkit: Xzibit Rootkit >> The 'hdparm' one is possibly a false-positive, but that's for you to >> check. > Ok, well, I examined the two scripts, and didn't see anything unusual > about them... but I'm not a forensics expert, just a lowly admin > wanna-be... any other suggestions/pointers? See the thread "rcs files", just a week old. I had solved the "Xzibit" warnings with RTKT_FILE_WHITELIST=/etc/init.d/boot.local # wegen Xzibit etc. Viele Gruesse! Helmut ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
