
Bug#740898: chkrootkit: falsely flags Suckit rootkit when systemd is /sbin/init


brian m. carlson

Mar 5, 2014, 7:00:01 PM
Package: chkrootkit
Version: 0.49-4.1
Severity: normal

chkrootkit flags /sbin/init as being infected with the Suckit rootkit
when systemd is installed and is the default init. I believe this is
because with systemd, the binary contains the string "HOME". rkhunter
does not believe my system is actually infected, so I am inclined to
believe that this is a false positive.

It is probably a good idea to fix this, as virtually every jessie system
is going to be flagged otherwise.

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chkrootkit depends on:
ii binutils 2.24-4
ii cdebconf [debconf-2.0] 0.188
ii debconf [debconf-2.0] 1.5.52
ii libc6 2.18-4
ii net-tools 1.60-25
ii procps 1:3.3.9-4

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information excluded

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
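
An added example, not part of the original report and not chkrootkit's own code: a triage sketch that reports whether the resolved init binary contains the string "HOME" and, separately, whether its checksum matches the one recorded in a dpkg-style `.md5sums` file. The function names are hypothetical, and `contains_marker` is a simplified stand-in for a substring heuristic.

```shell
#!/bin/sh
# Added example: triage a string-signature hit on the init binary.
# contains_marker is a simplified stand-in for a substring heuristic,
# not chkrootkit's actual test. All function names are hypothetical.

# contains_marker FILE STRING: true if FILE contains STRING as raw bytes.
contains_marker() {
    LC_ALL=C grep -a -q -F -- "$2" "$1"
}

# verify_packaged ROOT MD5SUMS RELPATH
# MD5SUMS has the layout of /var/lib/dpkg/info/<package>.md5sums:
# "<md5>  <path relative to ROOT>". Returns 0 on match, 1 on mismatch,
# 2 when RELPATH is not listed.
verify_packaged() {
    vp_want=$(awk -v p="$3" '$2 == p { print $1; exit }' "$2")
    [ -n "$vp_want" ] || return 2
    vp_have=$(md5sum "$1/$3" | awk '{ print $1 }')
    [ "$vp_want" = "$vp_have" ]
}

# triage ROOT MD5SUMS INIT_RELPATH: print "marker=<yes|no> packaged=<verdict>".
triage() {
    tr_root=$(readlink -f -- "$1") || return 1
    tr_root=${tr_root%/}                # "/" becomes "" so joins stay clean
    # Follow symlinks: sbin/init may point at the systemd binary.
    tr_target=$(readlink -f -- "$tr_root/$3") || tr_target=
    [ -f "$tr_target" ] || { echo "missing"; return 0; }
    tr_rel=${tr_target#"$tr_root"/}
    if contains_marker "$tr_target" HOME; then tr_hit=yes; else tr_hit=no; fi
    tr_rc=0
    verify_packaged "$tr_root" "$2" "$tr_rel" || tr_rc=$?
    case $tr_rc in
        0) echo "marker=$tr_hit packaged=match" ;;
        1) echo "marker=$tr_hit packaged=MISMATCH" ;;
        *) echo "marker=$tr_hit packaged=unlisted" ;;
    esac
}

# Usage: sh triage.sh ROOT MD5SUMS INIT_RELPATH
if [ "$#" -eq 3 ]; then triage "$@"; fi
```

A `marker=yes packaged=match` result is what a false positive of the kind reported here would look like; the local checksum database is writable by root, so a match supports but does not prove that the binary is the packaged one.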