1 Feb
2004
1 Feb
'04
19:22
On Sunday 01 February 2004 20.17, Hartmut Meyer wrote:
I use chkrootkit-0.43 and get no alarm on my SUSE 9.0. "rpm -Vf $(which top)" reports nothing here:
linux:~ # /usr/local/src/chkrootkit-0.43/chkrootkit | grep top Checking `top'... not infected linux:~ # rpm -Vf $(which top) linux:~ #
The problem is in the "top" in the ps package from /pub/people/kraxel The top binary in that contains the string "/prof", which chkrootkit detects as a sign of an infected binary That string isn't in the src.rpm from kraxel's directory, and if you rebuild the rpm from that src.rpm you also won't see that string.