Alan Cox wrote:
On Tue, 08 May 2012 10:46:13 -0600
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
$ sha256sum /bin/systemd
Is chkrootkit confused?
Yes and no. It correctly detects that your /sbin/init is something hideous
and nasty, but fails to realise that it's something hideous and nasty that
Fedora ships 8)
In all seriousness its a bug in chkrootkit, which has been reported
repeatedly and ignored repeatedly. It treats the linked /sbin/init as
suspicious because some rootkits did exactly that.
Nothing encourages disregarding warnings like a daily false alarm. It's a shame,
but I but lots of people ignore or disable it because of that.
Bill Davidsen <email@example.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
users mailing list
To unsubscribe or change subscription options:
Have a question? Ask away: http://ask.fedoraproject.org