[collectd] [PATCH] README: Added a note about collectd and chkrootkit.
Sebastian Harl
sh at tokkee.org
Sun Oct 7 15:01:50 CEST 2007
chkrootkit reports collectd as a packet sniffer, which most probably is a
false positive if using the "dns" plugin.
Signed-off-by: Sebastian Harl <sh at tokkee.org>
---
README | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/README b/README
index 57ae455..f1d7860 100644
--- a/README
+++ b/README
@@ -236,6 +236,17 @@ Operation
the values and read the rrdtool(1) manpage thoroughly.
+collectd and chkrootkit
+-----------------------
+
+ If you are using the `dns' plugin chkrootkit(1) will report collectd as a
+ packet sniffer ("<iface>: PACKET SNIFFER(/usr/sbin/collectd[<pid>])"). The
+ plugin captures all UDP packets on port 53 to analyze the DNS traffic. In
+ this case, collectd is a legitimate sniffer and the report should be
+ considered to be a false positive. However, you might want to check that
+ this really is collectd and not some other, illegitimate sniffer.
+
+
Prerequisites
-------------
--
1.5.3.3.131.g34c6d-dirty
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20071007/a1ce6f8e/attachment.pgp
More information about the collectd
mailing list