Got this lines when I runned chkrootkit: Code: eth0: PACKET SNIFFER(/sbin/dhclient3[6395]) ... Checking `z2'... user root deleted or never logged from lastlog! I read at google that z2 line could be caused because I have never login as root but used sudo or su commands... but the first one? Any clues? In eth1 i get this: Code: eth1: not promisc and no packet sniffer sockets So thats why I'm asking about eth0. Thanks for your help.
The packet sniffer line appears, when your server is setup to get its IP address with DHCP. For example the german hoster 1and1 uses this type of setup. You can check your server with RootkitHunter too http://www.rootkit.nl, if you dont get this warning there too, everything is OK.
