Hi all,

need advice on this . . . should I be concerned . . . FC5 on x86 kernel-2.6.16-custom . . . thanks in advance

[root@localhost box#]chkrootkit -q

/usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /usr/lib/qt-3.3/etc/settings/.qtrc.lock

/proc/2664/fd: No such file or directory
eth0: PF_PACKET(/sbin/dhclient)
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2337 tty5 /sbin/mingetty tty5
! root 2348 tty6 /sbin/mingetty tty6
! root 2433 tty7 /usr/bin/Xorg :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7

No, these messages are quite normal. You will also occassionally see a false positive on an LKM trojan, also normal.

Processes start and terminate all the time, making the consolidation of information on misbehaving software a little problematic.

Manually check the .packlist and .qtrc.lock file. chkrootkit flags anything outside of standard user homedirs that has a filename prefixed with "." ,so these are normal as well. For the PF_PACKET warning, verify the integrity of the dhclient bianry with rpm -V dhclient (it will give no output if it passes). As macemoneta said, these are fairly common false positives, but it is a good idea to follow up on them anyway.