Thread: Beware of chkrootkit issue with systemd!

  1. #1
    Join Date
    Aug 2008
    Location
    Pitesti, Arges County, Romania
    Posts
    595

    Beware of chkrootkit issue with systemd!

    Updated today from Tumbleweed with 11.4 as base to Tumbleweed with 12.1 as base. As we all know, systemd is the default boot process manager instead of sysvinit. On my computer I have chkrootkit and rkhunter installed to take care of files, even if I only have port http 80 with no PHP application running on my small site. While chkrootkit was running it gave me the following lines:

    Code:
    ...
    Searching for Suckit rootkit... Warning: /sbin/init INFECTED
    ...
    Checking `wted'... 1 deletion(s) between Thu Nov 17 11:29:12 2011 and Thu Nov 17 11:29:22 2011
    1 deletion(s) between Thu Nov 17 11:30:45 2011 and Thu Nov 17 11:33:43 2011
    1 deletion(s) between Thu Nov 17 12:10:23 2011 and Thu Nov 17 12:10:34 2011
    1 deletion(s) between Thu Nov 17 12:59:33 2011 and Thu Nov 17 12:59:39 2011
    1 deletion(s) between Thu Nov 17 13:15:53 2011 and Thu Nov 17 13:16:09 2011
    1 deletion(s) between Thu Nov 17 13:20:07 2011 and Thu Nov 17 13:20:11 2011
    1 deletion(s) between Thu Nov 17 13:21:56 2011 and Thu Nov 17 13:22:10 2011
    1 deletion(s) between Thu Nov 17 13:36:22 2011 and Thu Nov 17 13:36:27 2011
    1 deletion(s) between Thu Nov 17 13:51:13 2011 and Thu Nov 17 13:51:16 2011
    1 deletion(s) between Thu Nov 17 15:05:34 2011 and Thu Nov 17 15:05:37 2011
    1 deletion(s) between Thu Nov 17 15:07:41 2011 and Thu Nov 17 15:20:45 2011
    1 deletion(s) between Thu Nov 17 15:23:54 2011 and Thu Nov 17 15:24:48 2011
    1 deletion(s) between Thu Nov 17 20:15:11 2011 and Thu Nov 17 20:15:25 2011
    ...
    After using Google I came across bug 743696 from a Fedora user, https://bugzilla.redhat.com/show_bug.cgi?id=743696, that has the same issues. Another related one is this: https://bugzilla.redhat.com/show_bug.cgi?id=636231
    If you are using chkrootkit and you see lines like this, don't worry, it's a false positive; try rkhunter instead and you will see that nothing is wrong and Suckit rootkit is not present.

    Good day
    openSUSE Community Member: -> en.opensuse.org/User:Creatura85
    Connect Profile:
    -> connect.opensuse.org/pg/profile/creatura85
    openSUSE Romania Member: -> suseromania.ro
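
The warning lines reported in the post above can be cross-checked against the package database before deciding they are a false positive. This is an added example, not part of the original post or of chkrootkit; the function names and the sample input (built from the lines quoted in the post) are constructed, and it assumes an RPM-based system such as openSUSE.

```shell
#!/bin/sh
# Added example: triage chkrootkit "INFECTED" warnings against the RPM database.

# Constructed sample input, taken from the output lines quoted in the post.
sample_output() {
cat <<'EOF'
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Checking `wted'... 1 deletion(s) between Thu Nov 17 11:29:12 2011 and Thu Nov 17 11:29:22 2011
1 deletion(s) between Thu Nov 17 11:30:45 2011 and Thu Nov 17 11:33:43 2011
EOF
}

# Print every path reported in the form "Warning: <path> INFECTED".
flagged_paths() {
    sed -n 's/.*Warning: \(\/[^ ]*\) INFECTED.*/\1/p'
}

# Count the wtmp "deletion(s)" lines printed by the wted check.
wted_deletions() {
    grep -c 'deletion(s) between' || true
}

# For each flagged path: resolve symlinks, find the owning package,
# and check whether the file still matches what the package installed.
triage() {
    flagged_paths | while IFS= read -r path; do
        real=$(readlink -f "$path" 2>/dev/null || printf '%s' "$path")
        printf 'flagged: %s -> %s\n' "$path" "$real"
        if ! command -v rpm >/dev/null 2>&1; then
            echo "  rpm not found: compare against a known-good copy"
            continue
        fi
        pkg=$(rpm -qf "$real" 2>/dev/null) || {
            echo "  not owned by any package: investigate"
            continue
        }
        # rpm -Vf lists only files that differ; the path is the last field.
        if rpm -Vf "$real" 2>/dev/null |
            awk -v f="$real" '$NF == f { hit = 1 } END { exit !hit }'; then
            echo "  $pkg: file differs from package database: investigate"
        else
            echo "  $pkg: file matches package database"
        fi
    done
}

# Demo on the constructed sample; on a live system: chkrootkit | triage
sample_output | triage
```

A match against the local RPM database is only as trustworthy as the running system, so on a host that is genuinely in doubt repeat the comparison from rescue media.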

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Beware of chkrootkit issue with systemd!

    On 2011-11-17 19:56, creatura85 wrote:
    > Updated today from Tumbleweed with 11.4 as base to Tumbleweed with
    > 12.1 as base. As we all know, systemd is the default boot process manager
    > instead of sysvinit. On my computer I have chkrootkit and rkhunter
    > installed to take care of files, even if I only have port http 80 with no
    > PHP application running on my small site. While chkrootkit was running
    > it gave me the following lines:


    If the tool was obtained from openSUSE, you should report that in bugzilla.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  3. #3
    Join Date
    Aug 2008
    Location
    Pitesti, Arges County, Romania
    Posts
    595

    Re: Beware of chkrootkit issue with systemd!

    Yes, it was obtained from openSUSE repos.

  4. #4
    Join Date
    Aug 2008
    Location
    Pitesti, Arges County, Romania
    Posts
    595

    Re: Beware of chkrootkit issue with systemd!

