LinuxQuestions.org - Three new Rkhunter warnings...

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Three new Rkhunter warnings... (https://www.linuxquestions.org/questions/linux-security-4/three-new-rkhunter-warnings-840883/)

Amdx2_x64

10-27-2010 10:40 PM

Three new Rkhunter warnings...

I just installed Debian Squeeze yesterday, with Gnome. I also installed XFCE and noticed the following after I ran rkhunter (chkrootkit came back fine.) Should I worry or is it probably just something that goes along with XFCE maybe?

Quote:

[23:32:34] Checking for string 'hdparm' [ Warning ]

[23:32:35] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
[23:32:35] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit

joec@home

10-27-2010 10:45 PM

As XFCE touts increased speed, the hdparm is for advanced hard drive tuning, and you stated the scan is directly after the install, most likely this is a false positive. This is a very good reason to understand the baseline of any diagnostic program. For example I like to use chkrootkit along side rkhunter, and if you ever run it on a cPanel box chkrootkit goes nuts!

Amdx2_x64

10-27-2010 10:48 PM

That is why I either research it and/or ask here rather then panicking. Anything is possible but I was thinking it was more likely that it had to do with XFCE, I just wasn't sure how. Now I know.

Thanks for the reply.

All times are GMT -5. The time now is 11:01 AM.