This is the comment you were replying to, attached to the weblog chkrootkit and false positives?


Re: chkrootkit and false positives?
Posted by simonw (84.45.xx.xx) on Fri 26 Jan 2007 at 21:27
I doubt it is a rootkit, but the only way to tell is to shut down, boot from clean media, and verify the integrity of everything.

Unless I had suspicions I'd probably be content if restarting mysql and apcupsd got rid of them, and restarted things appropriately. Although it is possible the shutdown scripts may barf if the ps output isn't accurate.

If it is the bugs, it probably is fixed by now, but it may not be in sarge. I've run much more recent kernels built from stock source with kernel-package on sarge, if you feel a fix is crucial.

I get a lot of transient false positives from chkrootkit, but they are usually just processes changing state when it runs. Chkrootkit likes to imply that dhcpd is promiscuous, sounds like slander to me ;)
