On Sat, Apr 21, 2007 at 10:04:20PM +0300, peter kostov wrote: > On the other machine in my local network there is one 'bad' binary > reported by rkhunter - wget. This second computer accesses the Internet > through the one we are discussing. > It is also running FC5 with yum, although the installation isn't exactly > the same. > > Peter rkhunter is slightly dumb when it comes to the system binaries. They have been modified by the "prelink" process in Fedora, and thus don't match the distributed MD5sums. The fact that you don't have any other indications of an infection is good. I prefer chkrootkit to rkhunter, because it desn't depend on the binaries prelinking messes up. Wolfe
Attachment:
pgpwXHWVnTP3a.pgp
Description: PGP signature
