Chkrootkit and other tools that scan for rootkits sometimes report a python related ‘.path’ file as suspect.

Example:

/usr/lib/pymodules/python2.6/.path

The script/binary responsible for creating that file is /usr/sbin/update-python-modules

from the Debian & Ubuntu package python-support

code extract from /usr/sbin/update-python-modules

There is no harm in understanding how to adapt chkrootkit or alternatives to ignore a list of locally recognised false positives, however some might consider this ‘false positive’ a bug.

Advertisements