On Tue, 2007-10-23 at 17:39 -0600, Karl Larsen wrote: > Rick Stevens wrote: > > On Tue, 2007-10-23 at 17:00 -0600, Karl Larsen wrote: > > > >> Reading about Rootkit got me interested in chkrootkit so I d/l it > >> and ran it with -p which is quiet and it finished with this: > >> > >> [root@k5di ~]# chkrootkit -q > >> eth0: PF_PACKET(/sbin/dhclient) > >> The tty of the following user process(es) were not found > >> in /var/run/utmp ! > >> ! RUID PID TTY CMD > >> ! root 2962 tty7 /usr/bin/Xorg :0 -br -audit 0 -auth > >> /var/gdm/:0.Xauth -nolisten tcp vt7 > >> [root@k5di ~]# > >> > >> I am confused by this output. Does anyone know what this is and what I > >> should do with it? > >> > > > > Ignore it. When gdm fires up and takes over tty7 it doesn't put an > > entry in utmp. That's fairly minor. However, it's best to run > > chkrootkit in a non-GUI runstate (e.g. runstate 3). One way to do it > > is: > > > > 1. Log out of the GUI > > 2. Press CTRL-ALT-F1 to get to a regular console > > 3. Log in as root > > 4. # telinit 3 > > 5. # chkrootkit -q > > 6. # telinit 5 > > 7. Log back into the GUI > > > > ---------------------------------------------------------------------- > > - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - > > - CDN Systems, Internap, Inc. http://www.internap.com - > > - - > > - You know you've landed gear-up when it takes full power to taxi. - > > - -- Chuck Yeager - > > ---------------------------------------------------------------------- > > > > > Hi Rick and thank you! I was a Navy pilot and we had a guy sitting > on the edge of the deck watching us land. He had a radio that he would > yell "wheels!!" if we forgot. I never got called. > > Yes I will try it from level 3 and see if it finds anything. I'm a pilot, too. Fortunately, my Comanche has a horn that sounds when I throttle back with the gear up. It doesn't have a stall warning horn though. Go figure. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - - CDN Systems, Internap, Inc. http://www.internap.com - - - - We have enough youth, how about a fountain of SMART? - ----------------------------------------------------------------------
