I have this situation
One home server and only ports open to the world are 80 and 25 (and irc-dancerd 'till today)... I've recently installed some security related tools (such as nessus)... Well to get to the point, this morning tiger reported
From: "Tiger automatic auditor at localhost.localdomain" <firstname.lastname@example.org>
Subject: Tiger Auditing Report for localhost.localdomain
Date: Fri, 24 Feb 2006 08:00:24 +0100
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
NEW: --WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit installation
NEW: Warning: Possible LKM Trojan installed
# Checking for existence of log files...
# Checking running processes
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...
Why would tiger report this, since possibility of rootkit is (as I see it) near 0 (unless I did some sleep-walking)?
ps some googling said it could be a false report, and running manually chkrootkit finds nothing suspicious...however I'm puzzled as to what caused it