[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] suspicious chkroot report
- Subject: Re: [cobalt-security] suspicious chkroot report
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 10 Jul 2002 23:19:55 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Paul,
> I have not added any packages in several days but chkroot reports some new
> Perl files. Anybody out there with more experience understand what's
> happening here?
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
>/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
> /usr/lib/perl5/5.00503/i386-linux/.packlist
Each time a Perl module is installed such a .packlist is generated and it
contains a list of all files and folders associated with that package. That
makes it easier for people to build RPMs with those modules and helps when
someone wants to delete a PERL module and all associated files.
The modules mod_perl, MD5, Quota, XML::Parser and Devel::Symdump are usually
installed on a RaQ, so this report is nothing to worry about. If out of the
sudden additional Perl modules appear and you didn't install 'em, then you
can start to worry. :o)
These .packlist files which are presently on your system will always get
reported by Chkrootkit. You could as well go ahead and delete 'em to stop
those reports.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer