Re: [Rkhunter-users] hdparm
Brought to you by:
dogsbody
Menu
▾
▴
Re: [Rkhunter-users] hdparm
|
From: gordy <lq...@gm...> - 2010-09-21 11:37:50
|
On 21/09/2010, Richard Spencer <spe...@gm...> wrote: > hi is this a false postive > /etc/init.d/hdparm > it appeared twice > i did the full --propupd HI It may be, I recently did a a clean install then ran RKH and saw hdparm mentioned for 2 files in the etc area but not specifically called /etc/init.d/hdparm. I resolved those FP (for me) by removing them from 2 "unable" to recall scripts in etc area. I recall those hdparm results were showing in the non-rootkit part of the log looking at strings, I think? 2) If you did not do clean install and clean install of RKH then my level of certainity is lowered. In other words all my positives were FP because it was a clean install with no net. 3) Were there any rootkits detected in the log? If unsure just provide the name of your distro, its version number and the snippet of your log results that relate to the potential positive pls. the log should name the files if you have similar results that I had. 4) If you need hdparm, my way won't help but you can then whitelist those files once you have peeked inside them. good luck |