-   Linux - Security (
-   -   Three new Rkhunter warnings... (

Amdx2_x64 10-27-2010 11:40 PM

Three new Rkhunter warnings...
I just installed Debian Squeeze yesterday, with Gnome. I also installed XFCE and noticed the following after I ran rkhunter (chkrootkit came back fine.) Should I worry or is it probably just something that goes along with XFCE maybe?


[23:32:34] Checking for string 'hdparm' [ Warning ]

[23:32:35] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
[23:32:35] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit

joec@home 10-27-2010 11:45 PM

As XFCE touts increased speed, the hdparm is for advanced hard drive tuning, and you stated the scan is directly after the install, most likely this is a false positive. This is a very good reason to understand the baseline of any diagnostic program. For example I like to use chkrootkit along side rkhunter, and if you ever run it on a cPanel box chkrootkit goes nuts!

Amdx2_x64 10-27-2010 11:48 PM

That is why I either research it and/or ask here rather then panicking. Anything is possible but I was thinking it was more likely that it had to do with XFCE, I just wasn't sure how. Now I know.

Thanks for the reply.

All times are GMT -5. The time now is 02:21 PM.