FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 05-08-2012, 03:48 PM
Kevin Fenzi
 
Default chkrootkit output

On Tue, 08 May 2012 10:46:13 -0600
JD <jd1008@gmail.com> wrote:

> Searching for Suckit rootkit... Warning: /sbin/init INFECTED
>
> lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
> rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
> $ sha256sum /bin/systemd
> 73054e573603f8894c6df2078b7714f7533d5b95653b536e7f 07d2c8f3f09bc1
> /bin/systemd
>
> Is chkrootkit confused?

Yes.

https://bugzilla.redhat.com/show_bug.cgi?id=636231

kevin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-08-2012, 03:54 PM
Alan Cox
 
Default chkrootkit output

On Tue, 08 May 2012 10:46:13 -0600
JD <jd1008@gmail.com> wrote:

> Searching for Suckit rootkit... Warning: /sbin/init INFECTED
>
> lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
> rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
> $ sha256sum /bin/systemd
> 73054e573603f8894c6df2078b7714f7533d5b95653b536e7f 07d2c8f3f09bc1
> /bin/systemd
>
> Is chkrootkit confused?

Yes and no. It correctly detects that your /sbin/init is something hideous
and nasty, but fails to realise that it's something hideous and nasty that
Fedora ships 8)

In all seriousness its a bug in chkrootkit, which has been reported
repeatedly and ignored repeatedly. It treats the linked /sbin/init as
suspicious because some rootkits did exactly that.

Alan


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-08-2012, 04:46 PM
JD
 
Default chkrootkit output

Searching for Suckit rootkit... Warning: /sbin/init INFECTED

lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
$ sha256sum /bin/systemd
73054e573603f8894c6df2078b7714f7533d5b95653b536e7f 07d2c8f3f09bc1
/bin/systemd


Is chkrootkit confused?
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 05-08-2012, 04:51 PM
Bill Davidsen
 
Default chkrootkit output

Alan Cox wrote:

On Tue, 08 May 2012 10:46:13 -0600
JD<jd1008@gmail.com> wrote:


Searching for Suckit rootkit... Warning: /sbin/init INFECTED

lrwxrwxrwx 1 root root 14 May 8 10:19 /sbin/init -> ../bin/systemd
rwxr-x-r-x 1 root root 917320 Apr 17 01:50 /bin/systemd
$ sha256sum /bin/systemd
73054e573603f8894c6df2078b7714f7533d5b95653b536e7f 07d2c8f3f09bc1
/bin/systemd

Is chkrootkit confused?


Yes and no. It correctly detects that your /sbin/init is something hideous
and nasty, but fails to realise that it's something hideous and nasty that
Fedora ships 8)

In all seriousness its a bug in chkrootkit, which has been reported
repeatedly and ignored repeatedly. It treats the linked /sbin/init as
suspicious because some rootkits did exactly that.

Nothing encourages disregarding warnings like a daily false alarm. It's a shame,
but I but lots of people ignore or disable it because of that.



--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 02:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org