Re: Chrootkit found "suspicious" file


 



Mike McCarty wrote:
Rich Lafferty wrote:

On Wed, Feb 22, 2006 at 04:23:10PM -0600, Mike McCarty <mike.mccarty@xxxxxxxxxxxxx> wrote:

I ran chkrootkit today, and it spit this out [in the middle
of a bunch of "nothing found" reports]

Searching for suspicious files and dirs, it may take a while...
/usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock
/usr/lib/qt-3.3/etc/settings/.qtrc.lock


[snip]


Total of 200 files it didn't like. I don't see anything there that
looks particularly suspicious. What's going on? Anyone know?



My guess is that they are suspicious because they are dotfiles in
directories that aren't home directories. If chkrootkit didn't claim
that it detected some particular rootkit, it's just telling you that you
might want to look at those to decide whether or not they belong there.



That's certainly a possibility. But I've run it before without
it complaining, and I haven't upgraded chkrootkit. Also, the
dates on those files are mostly 2004.

See this:
[summer@bilby downloads]$ ls --time=ctime xdialog-2.1.2-1.rf.src.rpm
-rw-rw-r--  1 summer 451396 Jan  4 19:27 xdialog-2.1.2-1.rf.src.rpm
[summer@bilby downloads]$ ls  xdialog-2.1.2-1.rf.src.rpm
-rw-rw-r--  1 summer 451396 Feb 22  2005 xdialog-2.1.2-1.rf.src.rpm
[summer@bilby downloads]$

It's the first that's important.
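
The mtime/ctime distinction in the `ls` output above, applied to a list of flagged paths. This is an added example, not part of the original thread: the function name `ctime_report`, the `THRESHOLD` variable and the sample files are assumptions made for illustration, and it relies on GNU `stat` and `date`.

```shell
#!/bin/sh
# Compare mtime (what plain `ls -l` shows, settable with touch) against
# ctime (last inode change, set by the kernel) for each path given.
# A later ctime only says the inode changed after the recorded mtime:
# package installs, chmod, rename and restores do that too.

# THRESHOLD: seconds by which ctime must exceed mtime to be reported
# (assumed default: one day).
ctime_report() {
    for f in "$@"; do
        m=$(stat -c %Y -- "$f" 2>/dev/null) || {
            printf 'MISSING\t-\t-\t%s\n' "$f"
            continue
        }
        c=$(stat -c %Z -- "$f")
        if [ $((c - m)) -ge "${THRESHOLD:-86400}" ]; then
            status=CTIME_LATER
        else
            status=CONSISTENT
        fi
        # Columns: status, mtime, ctime, path (tab separated)
        printf '%s\t%s\t%s\t%s\n' "$status" \
            "$(date -d "@$m" '+%Y-%m-%d %H:%M')" \
            "$(date -d "@$c" '+%Y-%m-%d %H:%M')" "$f"
    done
}

# Constructed sample: one dotfile backdated to 2004, one fresh, one absent.
demo() {
    dir=$(mktemp -d)
    touch -t 200406011200 "$dir/.qtrc.lock"   # mtime 2004, ctime is now
    : > "$dir/.fresh.lock"                    # mtime and ctime both now
    ctime_report "$dir/.qtrc.lock" "$dir/.fresh.lock" "$dir/.absent"
    rm -rf "$dir"
}

demo
```

To check real scanner output, pass the flagged paths as arguments, for example `ctime_report /usr/lib/qt-3.3/etc/settings/.qtrc.lock`.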


