One of the blogs I read just had an article about finding rootkits in Linux. While not worried about it, I thought it would be fun to check it out. They talked about 3 commands: lsattr, chkrootkit, and rkhunter.

lsattr didn't find anything of interest in the few directories I tried it on, except that this line showed up for some files (I think they were all links):

> lsattr: Operation not supported While reading flags on /bin/bzegrep

chkrootkit found

> ROOTDIR is `/'
> Searching for suspicious files and dirs, it may take a while... The
> following suspicious files and directories were found:
> /usr/lib/xulrunner-1.9.2.18/.autoreg
> /usr/lib/firefox-3.6.18/.autoreg
> /usr/lib/pymodules/python2.6/.path
> /usr/lib/pymodules/python2.6/PyQt4/uic/widget-plugins/.noinit
> /usr/lib/jvm/.java-6-openjdk.jinfo
> /usr/lib/thunderbird-3.1.11/.autoreg

Those are mainly empty files, and the ones that were not seemed reasonable to an uneducated eye. Problem is that they don't say what it is that is considered suspicious.

rkhunter -c found

> [08:27:47] Checking /dev for suspicious file types [ Warning ]
> [08:27:47] Warning: Suspicious file types found in /dev:
> [08:27:47] /dev/shm/pulse-shm-3633543672: data
> [08:27:47] /dev/shm/pulse-shm-2330444361: data
> [08:27:47] /dev/shm/pulse-shm-2759599877: data
> [08:27:48] /dev/shm/pulse-shm-2688255106: data
> [08:27:48] /dev/shm/pulse-shm-2964324177: data
> [08:27:48] /dev/shm/pulse-shm-878858236: data
> [08:27:48] Checking for hidden files and directories [ Warning ]
> [08:27:48] Warning: Hidden directory found: /etc/.java
> [08:27:48] Warning: Hidden directory found: /dev/.udev
> [08:27:48] Warning: Hidden directory found: /dev/.initramfs

Similar comment. It is difficult to know what to check for. Again, I am not worried, just curious.

--
Dazed_75 a.k.a. Larry

The spirit of resistance to government is so valuable on certain occasions, that I wish it always to be kept alive. - Thomas Jefferson