CHKROOTKIT output question...

nhouse

Hello... I have installed CHKROOTKIT as per information listed on the forums and have included a daily.cron job to email me a report of only possible exploits (-q switch). I am still a bit new to this application, I must admit... so please tell me if this is anything to be concerned about.

My first emailed report result had these entries in it only, with no explanation:

usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Sys/Hostname/Long/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Digest/SHA1/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Net/IP/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Net/CIDR/Lite/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Net/DNS/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/HTML/Parser/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SpamAssassin/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SPF/Query/.packlist
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Storable/.packlist
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Digest/.packlist

I ran CHKROOTKIT manually to see where the results fit in and they are listed under the "Searching for suspicious files and dirs, it may take a while..." area of the report. Should I be concerned about this? Could this simply be a false positive, so to speak?

TIA
 
False positive. I get that list in every report. You can basically ignore it. Suppose you could go thru and delete all the .packlists, but why bother?

I like it because at least I get an email every day and know it's working..lol.
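
Because the same .packlist entries show up in every report, one option is to compare each daily report against a baseline that has already been reviewed, so that only new entries stand out. The script below is an added example, not part of the thread or of chkrootkit; the function names, the baseline file and the `/usr/lib/.constructed-example` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports only chkrootkit findings that
# are absent from a baseline of entries an admin has already reviewed.

# chkrootkit prints the "suspicious files" hits as paths separated by
# whitespace. Split lines made only of absolute paths into one path per line;
# keep any other non-empty line (for example an INFECTED message) whole.
normalize() {
    awk '{
        paths = (NF > 0)
        for (i = 1; i <= NF; i++) if ($i !~ /^\//) paths = 0
        if (paths) { for (i = 1; i <= NF; i++) print $i }
        else if (NF > 0) print $0
    }' | LC_ALL=C sort -u
}

# new_findings BASELINE: read a report on stdin, print entries not in BASELINE.
new_findings() {
    nf_base=$(mktemp) || return 1
    nf_cur=$(mktemp) || { rm -f "$nf_base"; return 1; }
    normalize < "$1" > "$nf_base"
    normalize > "$nf_cur"
    LC_ALL=C comm -13 "$nf_base" "$nf_cur"   # lines only in the current report
    rm -f "$nf_base" "$nf_cur"
}

# Constructed demo: two reviewed .packlist entries plus one unreviewed path.
demo() {
    d_base=$(mktemp) || return 1
    P=/usr/lib/perl5/5.8.5/i386-linux-thread-multi
    printf '%s\n' "$P/.packlist" "$P/auto/Storable/.packlist" > "$d_base"
    printf '%s %s %s\n' "$P/.packlist" "$P/auto/Storable/.packlist" \
        /usr/lib/.constructed-example | new_findings "$d_base"
    rm -f "$d_base"
}

demo   # prints /usr/lib/.constructed-example
```

In the cron job, the output of the `-q` run would be piped into `new_findings` with the path of the reviewed baseline, and the baseline updated only after each new entry has been checked.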
 