Which to trust: chkrootkit or rkhunter?
Mateusz Marzantowicz
mmarzantowicz at osdf.com.pl
Thu Jun 7 18:31:40 UTC 2012
Beartooth:
> One tells me, on several machines, that /sbin/init is infected
> with the Suckit rootkit; the other says not. Is there a way to tell
> whether I'm seeing a false positive or a false negative?
>
> Fwiw, this result occurs both on an F16 machine, and on an f17
> one with a fresh install. (Both are fully updated.)
>
Here it is said that there might be a bug in chkrootkit:
http://forums.fedoraforum.org/archive/index.php/t-261068.html
It looks like it doesn't recognize systemd or has some other issue with it.
Mateusz Marzantowicz
More information about the users
mailing list