Check Root kit

[paulywauly]

after installing fedora 8 from the main place and running chkrootkit i get some weird lines can anyone tell me what this is all about????

Searching for suspicious files and dirs, it may take a while...
/usr/lib/gtk-2.0/immodules/.relocation-tag

checking `sniffer'... eth0: PF_PACKET(/usr/sbin/wpa_supplicant, /usr/sbin/wpa_supplicant, /sbin/dhclient)

Checking `z2'... user root deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !

could i allready have a problem with this system and if i do it was just downloaded and installed within the last 2 hrs of installation this showed up

[universe_r9]

i don't know about it sorry!

[jim]

check for updates to the script and run again.

[Evil_Bert]

No updates to the chrootkit package as yet.

{warning - I am not an expert}

I wouldn't worry about the wpa and dhclient stuff - all normal as these are low level routines attached to your eth0 interface in order to provide network functionality. If you used fixed LAN addresses and turned off dhcp (and its services) and similarly turned off wireless support (and its services) you could rid yourself of these lines, if it really bothered you.

In F7, I always had a 'z2' and a 'chkutmp' line (referring to the X server) but haven't yet figured out why ... they appear to be normal, however, as I've seen them discussed from time to time.

The .relocation-tag line refers to a hidden executable file in the /usr/lib/gtk-2.0/immodules/ folder that was not there in Fedora7 ... but it appears to be a bone-fide inclusion in the latest f8 gtk2 rpm:

http://rpmfind.net/linux/RPM/fedora/...c8.x86_64.html
(listed in 'files' section, near bottom of page)

... so I'd guess it's OK until demonstrated otherwise.