Which to trust: chkrootkit or rkhunter?

Alan Cox alan at lxorguk.ukuu.org.uk
Thu Jun 7 16:47:26 UTC 2012


On Thu, 7 Jun 2012 15:16:09 +0000 (UTC)
Beartooth <beartooth at comcast.net> wrote:

> 
> 	One tells me, on several machines, that /sbin/init is infected 
> with the Suckit rootkit; the other says not. Is there a way to tell 
> whether I'm seeing a false positive or a false negative? 

chkrootkit thinks that the new systemd replacement for init is an
infection[1]. Nothing to worry about.

Alan
[1] Some users think likewise but it's not a worm or virus 8)

