[WBEL-users] fresh install of WBEL, chkrootkit output

[King, John (Greg) (LMIT-HOU)]

I did a core install of the latest WBEL in our lab, then removed it down to
about 210 packages. After applying our security scripts to make some changes
to the default I began adding some tools such as chkrootkit (version .43)

The output flagged 2 items, both after google searching showed that they
look like false positives but I would like to know.

1. /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist

>From what i read some rpms sometimes leave such clutter behind and
checkrootkit is simply reporting that such a file exists in /usr/lib. 

2. eth0: PF_PACKET(/sbin/dhclient)

Also from reading this seems to be a necessary behavior for the dhclient if
it is running. 

thanks,


Greg King
LMIT