chkrootkit, need some info for two lines...

Discussion in 'General' started by danf.1979, Feb 3, 2006.

  1. danf.1979

    danf.1979 Member

    Got this lines when I runned chkrootkit:
    eth0: PACKET SNIFFER(/sbin/dhclient3[6395])
    Checking `z2'... user root deleted or never logged from lastlog!
    I read at google that z2 line could be caused because I have never login as root but used sudo or su commands... but the first one? Any clues?
    In eth1 i get this:
    eth1: not promisc and no packet sniffer sockets
    So thats why I'm asking about eth0. Thanks for your help.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The packet sniffer line appears, when your server is setup to get its IP address with DHCP. For example the german hoster 1and1 uses this type of setup.

    You can check your server with RootkitHunter too, if you dont get this warning there too, everything is OK.

Share This Page