Re: chkrootkit output

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alan Cox wrote:
On Tue, 08 May 2012 10:46:13 -0600
JD<jd1008@xxxxxxxxx>  wrote:

Searching for Suckit rootkit... Warning: /sbin/init INFECTED

lrwxrwxrwx 1 root root 14 May  8 10:19 /sbin/init ->  ../bin/systemd
rwxr-x-r-x    1 root root 917320 Apr 17 01:50 /bin/systemd
$ sha256sum /bin/systemd
73054e573603f8894c6df2078b7714f7533d5b95653b536e7f07d2c8f3f09bc1
/bin/systemd

Is chkrootkit confused?

Yes and no. It correctly detects that your /sbin/init is something hideous
and nasty, but fails to realise that it's something hideous and nasty that
Fedora ships 8)

In all seriousness its a bug in chkrootkit, which has been reported
repeatedly and ignored repeatedly. It treats the linked /sbin/init as
suspicious because some rootkits did exactly that.

Nothing encourages disregarding warnings like a daily false alarm. It's a shame, but I but lots of people ignore or disable it because of that.


--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



Photo 4 Less

[Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Find Someone Special]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

Add to Google Powered by Linux