raw | patch | inline | side by side (parent: 3d812cd)
author: Sebastian Harl <sh@tokkee.org>, Sun, 7 Oct 2007 13:01:50 +0000 (15:01 +0200)
committer: Florian Forster <octo@huhu.verplant.org>, Tue, 9 Oct 2007 16:02:20 +0000 (18:02 +0200)
chkrootkit reports collectd as a packet sniffer, which most probably is a
false positive if using the "dns" plugin.
Signed-off-by: Sebastian Harl <sh@tokkee.org>
Signed-off-by: Florian Forster <octo@huhu.verplant.org>
index 57ae4550a0b1d1de25eb11e033671e6b764b4989..f1d78600c2466a5f6f8a0d85d968e1077c93bbad 100644 (file)
--- a/README
+++ b/README
the values and read the rrdtool(1) manpage thoroughly.
+collectd and chkrootkit
+-----------------------
+
+ If you are using the `dns' plugin chkrootkit(1) will report collectd as a
+ packet sniffer ("<iface>: PACKET SNIFFER(/usr/sbin/collectd[<pid>])"). The
+ plugin captures all UDP packets on port 53 to analyze the DNS traffic. In
+ this case, collectd is a legitimate sniffer and the report should be
+ considered to be a false positive. However, you might want to check that
+ this really is collectd and not some other, illegitimate sniffer.
+
+
Prerequisites
-------------
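Review bot: The closing sentence of the new section ("you might want to check that this really is collectd and not some other, illegitimate sniffer") asks for a check but gives the reader no way to perform it. Consider adding a sentence that says to compare the <pid> and binary path from the chkrootkit line with the running collectd process, and to confirm that the `dns' plugin is actually loaded, since the false-positive reasoning only holds in that case. The sample message also hard-codes /usr/sbin/collectd, which will differ for installs under another prefix; a placeholder next to <iface> and <pid> would avoid confusion.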