From: Sebastian Harl Date: Sun, 7 Oct 2007 13:01:50 +0000 (+0200) Subject: README: Added a note about collectd and chkrootkit. X-Git-Tag: collectd-4.1.3~8 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=1c9b59fa7f59cc027d09494102977063c6330d88;p=collectd.git README: Added a note about collectd and chkrootkit. chkrootkit reports collectd as a packet sniffer, which most probably is a false positive if using the "dns" plugin. Signed-off-by: Sebastian Harl Signed-off-by: Florian Forster --- diff --git a/README b/README index 57ae4550..f1d78600 100644 --- a/README +++ b/README @@ -236,6 +236,17 @@ Operation the values and read the rrdtool(1) manpage thoroughly. +collectd and chkrootkit +----------------------- + + If you are using the `dns' plugin chkrootkit(1) will report collectd as a + packet sniffer (": PACKET SNIFFER(/usr/sbin/collectd[])"). The + plugin captures all UDP packets on port 53 to analyze the DNS traffic. In + this case, collectd is a legitimate sniffer and the report should be + considered to be a false positive. However, you might want to check that + this really is collectd and not some other, illegitimate sniffer. + + Prerequisites -------------