ssh checksum error

[mcmanus at ducksong.com (Patrick R. McManus)]

false positives on dotfiles are fairly common for that package.. I
don't know why. when it detects a rootkit crack that it knows about a
billion alarms go off and it's hard to miss ;)



[Bill Horne: Wed, May 01, 2002 at 08:57:46PM -0400]
> "Patrick R. McManus" wrote:
> 
> > [Derek D. Martin: Tue, Apr 30, 2002 at 11:55:25PM -0400]
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Off list, someone asked me:
> > > > Two questions:
> > > >
> > > > 1. Are there security tools that will tell if my machine has been
> > > > owned?
> > >
> > > Yes, but they generally require that you use them BEFORE there's any
> > > possibility of your system being compromised (i.e. before it's been
> >
> > I've found chkrootkit (http://www.chkrootkit.org/) helpful after the
> > fact. Negative reports (not cracked) are, of course, not to be
> > trusted in any install-after-the-fact pacakges, but I like how it will
> > give a quick positive to confirm any suspicions for most common cases.
> >
> > -P
> >
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://www.blu.org/mailman/listinfo/discuss
> 
> I just ran it: it looks OK, accept for a warning about a "suspicious" file
> in the perl5 directory chain: ".packlist"
> 
> I've copied the file to my html directory: please examine it and tell me
> what looks suspicious. TIA.
> 
> http://billhorne.homelinux.org/packlist
> 
> Bill
> 
> 
> 
> --
> Bill Horne
> PGP key: http://pgp.dtype.org:11371/pks/lookup?op=get&search=0xB1D7BB90
> 
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss