Hello,
I believe that it is not appropriate to hide processes that, we
suppose, are legitimate [1].
It is somewhat easy to parse any regular expression, and customize
file/directory names of the rootkit that match it, thus avoiding its
detection.
Please, use etc/chkrootkit/chkrootkit.ignore

Hi Harry,
Thanks for the report - I don't think this is a bug per se, but it is
a helpful reminder of knockd
While knockd is not a malicious packet sniffer, it does "sniff
packets" (not the greatest term in any case), so chkrootkit is working
as intended by flagging it. It's the classic case of a