On Sun, 2005-04-03 at 23:03 -0400, Jim Cornette wrote: > Gene Heskett wrote: > > On Sunday 03 April 2005 08:42, Jim Cornette wrote: > > > >>Since there was discussions regarding rootkits and how they are > >>getting into systems, I ran chkrootkit and am more concerned about > >>the suspicious files that it referred to. > >> > >>Searching for suspicious files and dirs, it may take a while... > >>/usr/lib/perl5/5.8.6/i386-linux-thread-multi/.packlist > >>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/NKF/.p > >>acklist > >>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/mod_p > >>erl/.packlist > >> > >>/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/Gaim/. > >>packlist > >> > >>/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DCOP/.pa > >>cklist > >> > >> > >>Hopefully this does not indicate anything to be alarmed about. Is > >>this a rational assumption? > >> > >>Jim > > > > > > I don't think these are Jim. But do pay attention to the names a > > level or so back up the tree, I suppose there could be a surprise > > there. > > Not to sound dense, but the linux threads are they not used for 2.6 > kernels and for the nptl backported kernels? I'm probably looking at the > wrong portion of the path to th file. > > Looking through the packlist, I could see why it is marked suspicious. :-) Have you installed any perl modules manually (i.e. not using RPMs)? That might well result in .packlist files like these. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
