Hi again,
That looks correct; you have a false positive with rkhunter:
[quote]@+* FALSE POSITIVES
Below is a list of packages which are known to set off false alarms in
rkhunter:
- slice: /usr/bin/slice sets false alarm about RH-Sharpe
- sash: as the root account is cloned to sashroot, rkhunter issues a
warning telling the sashroot account has UID=0.
If you have deliberately installed sash, you can avoid this warning thanks
to the UID0_ACCOUNTS configuration option in /etc/rkhunter.conf.
- hdparm: the string “hdparm” found in the initscripts leads rkhunter to warn
about possible Xzibit rootkit. Use the RTKT_FILE_WHITELIST option to whitelist
initscripts stating this string (eg. /etc/init.d/hdparm)
- IRC daemons trigger warnings about possible rogue IRC bot. You can whitelist
the TCP port 6667, or, better, tell rkhunter to trust the executable, using the
PORT_WHITELIST option, eg: PORT_WHITELIST="/usr/bin/znc"
–
Below is a list of common hidden files and directories known to set off
false alarms in rkhunter:
- /dev/.static/, /dev/.udev & /dev/.udevdb/ - used by udev
- /etc/.java/ - it is common for java installations to use this
hidden directory
- /dev/.initramfs - created by initramfs-tools generated ramfs
filesystems during boot
In most cases, you can just ignore warnings about these files and directories.
Use ALLOWHIDDENFILE and ALLOWHIDDENDIR options in /etc/rkhunter.conf to
avoid them.
[/quote]
bugs.debian.org/cgi-bin/bugreport.cgi?bug=576680
bugs.debian.org/cgi-bin/bugreport.cgi?bug=561308
Well, I'm not a disinfection specialist either; I've given you everything I know on the subject, and it looks clean.
Now, as for how to explain this name change in your messaging, I don't know… sorry