Re: zk rootkit

On Friday 21 November 2003 16:22, Bret Hughes wrote:

> you are not running the same thing.
>
> the [ -f filename ] is a test to see if a file is a regular file and
> exists.  the -o is an operator to the test function not passed to run.
> in fact [ is a symbolic link to test

Thanks for the education, Bret, I misread the precedence of who owned the
switches.

> on my fedora test box:
> the return code indicates that neither test was true.

[agreen@fastcat agreen]$ ll /usr/bin/run
-rwxr-xr-x    1 root     root        28380 Sep 26 14:52 /usr/bin/run

If I understood you correctly then this is enough to fire the warning?

[agreen@fastcat agreen]$ rpm --query --whatprovides /usr/bin/run
run-2.0-3

Sure enough when I look at 

http://download.fedora.redhat.com/pub/fedora/linux/core/1/i386/os/Fedora/RPMS/ 

I see 

run-2.0-3.i386.rpm  

Downloading it and looking in it shows

[agreen@fastcat agreen]$ rpm -q --list -p run-2.0-3.i386.rpm
warning: run-2.0-3.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
/usr/bin/run
/usr/share/doc/run-2.0
/usr/share/doc/run-2.0/README
/usr/share/man/man1/run.1.gz

It seems if you have this fedora package installed, you will fire the warning 
in chkrootkit.

-Andy
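The manual check in the message above (does the flagged file exist, and which package owns it) written as a shell function. This is an added example, not part of the original message and not chkrootkit code; the function name `triage_flagged_file` and its output labels are assumptions made here.

```shell
#!/bin/sh
# Added example, not chkrootkit code. Triage a warning that fired only
# because a file exists, as with a test of the form [ -f A -o -f B ].
# Prints: absent | unowned | owned-modified:<pkg> | owned-clean:<pkg>
triage_flagged_file() {
    f=$1

    # Same condition the scanner tests: path exists and is a regular file.
    if [ ! -f "$f" ]; then
        echo "absent"
        return 0
    fi

    # rpm -qf exits non-zero when no installed package owns the path.
    if ! pkg=$(rpm -qf "$f" 2>/dev/null); then
        echo "unowned"
        return 0
    fi

    # rpm -Vf verifies the owning package and prints one line per file that
    # differs from the RPM database, with the path as the last field.
    changed=$(rpm -Vf "$f" 2>/dev/null | awk -v p="$f" '$NF == p')
    if [ -n "$changed" ]; then
        echo "owned-modified:$pkg"
    else
        echo "owned-clean:$pkg"
    fi
}

# Usage: triage_flagged_file /usr/bin/run
```

An `owned-clean` result relies on the local RPM database, so listing a copy of the package fetched from the mirror with `rpm -q --list -p`, as the message does, remains a useful independent check.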



