이런 황당한 경우가 (rootcheck관련 tcpd업데이트추천)

일반적으로 tcp_wrappers가 설치되고 나면 그 경로가 /usr/sbin/tcpd인데  /usr/bin/tcpd 에 위치하여
루트킷으로 의심하여 ossec-rootcheck (http://ossec.underlinux.com.br/rootcheck/)가 감지하는 것으로
보입니다.
현재 설치된 tcp_wrappers 버젼을 확인하시고 최근의 버젼으로  www.rpmfind.net or http://rpm.pbone.net 에서
다운 받은후 업데이트 하시기 바랍니다.
그리고나서,  다시 /usr/local/rootcheck-0.6/ossec-rootcheck 을 실행하여 보세요...

제경우에는  /usr/sbin/ 경로에  tcpd이 위치하고 있으며, 버젼은 tcp_wrappers-7.6-19 , 운영체제는
레드헷 7.3 , 커널을 2.4.31 입니다. 이 상황에서 저는  tcpd을 루트킷을 감지하지 않고 정상적으로
잘 사용하고 있습니다.

* 제경우 cron daemon을 통하여 이메일로 매일 보고 받는 내용의 예입니다.
--------------------------------------------------------------------------------------------------------------------
Starting rootcheck (http://www.ossec.net/rootcheck)
Be patient, it may take a few minutes to complete...

[OK]: No presence of public rootkits detected. Analized 236 files.

[OK]: No binaries with any trojan detected. Analized 54 files

[OK]: No problem detected on the /dev directory. Analized 14237 files

[FAILED]: File '/etc/spam-word' is:
          - owned by root,
          - has written permissions to anyone.

[FAILED]: File '/var/log/qmail/procmail.log' is:
          - owned by root,
          - has written permissions to anyone.

[FAILED]: Rootkit 'Suspicious' detected by the presence of file '/usr/share/doc/iptraf-3.0.0/Documentation/.log'.

[ERR]: Check the following files for more information:
       rootcheck-rw-rw-rw-.txt (list of world writable files)
       rootcheck-rwxrwxrwx.txt (list of world writtable/executable files)
       rootcheck-suid-files.txt (list of suid files)

[OK]: No hidden process by Kernel-level rootkits.
      /bin/ps is not trojaned. Analized 32768 processes.

[OK]: No kernel-level rootkit hiding any port.
      Netstat is acting correctly. Analized 131072 ports.

[OK]: The following ports are open:
      21 (tcp),25 (tcp),53 (tcp),53 (udp),
      80 (tcp),110 (tcp),111 (tcp),111 (udp),
      143 (tcp),161 (udp),162 (udp),199 (tcp),
      443 (tcp),465 (tcp),953 (tcp),993 (tcp),
      995 (tcp),1975 (tcp),2222 (tcp),2401 (tcp),
      3306 (tcp),4444 (tcp),6000 (tcp),6010 (tcp),
      6011 (tcp),9099 (tcp),22305 (tcp),32789 (udp)

[OK]: No problem detected on ifconfig/ifs. Analized 2 interfaces.
--------------------------------------------------------------------------------------------------------------------

이상.