chkrootkit output
Bill Davidsen
davidsen at tmr.com
Tue May 8 16:51:12 UTC 2012
Alan Cox wrote:
> On Tue, 08 May 2012 10:46:13 -0600
> JD<jd1008 at gmail.com> wrote:
>
>> Searching for Suckit rootkit... Warning: /sbin/init INFECTED
>>
>> lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
>> rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
>> $ sha256sum /bin/systemd
>> 73054e573603f8894c6df2078b7714f7533d5b95653b536e7f07d2c8f3f09bc1
>> /bin/systemd
>>
>> Is chkrootkit confused?
>
> Yes and no. It correctly detects that your /sbin/init is something hideous
> and nasty, but fails to realise that it's something hideous and nasty that
> Fedora ships 8)
>
> In all seriousness its a bug in chkrootkit, which has been reported
> repeatedly and ignored repeatedly. It treats the linked /sbin/init as
> suspicious because some rootkits did exactly that.
>
Nothing encourages disregarding warnings like a daily false alarm. It's a shame,
but I but lots of people ignore or disable it because of that.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users
mailing list