[Novalug] chkrootkit question

Jeremy Hoel jthoel@gmail.com
Thu Sep 18 00:18:22 EDT 2014


On Sep 17, 2014 11:07 AM, "Jon LaBadie via Novalug" <
novalug@firemountain.net> wrote:
>
> On Wed, Sep 17, 2014 at 12:44:49PM -0500, Beartooth via Novalug wrote:
> >
> > Subject: chkrootkit question
> >
> >       I've just installed (via yum on Fedora 20) and run
> > chkrootkit. It seems to bless all but this:
> >
> > Searching for Suckit rootkit... Warning: /sbin/init INFECTED
> >
> >       Following symlinks takes me as far as
> >
> > "../lib/systemd/systemd" . Then I get
> >
> > [root@localhost /]# file ../lib/systemd/systemd
> > ../lib/systemd/systemd: ELF 64-bit LSB shared object, x86-64,
> > version 1 (SYSV), dynamically linked (uses shared libs), for
> > GNU/Linux 2.6.32,
> > BuildID[sha1]=ff96693be556e88f29157d0a8c965be423eb1828, stripped
> > [root@localhost /]# du -h ../lib/systemd/systemd
> > 1.2M  ../lib/systemd/systemd
> > [root@localhost /]#
> >
> >       What do I do now?
> >
>
> After your note I installed chkrootkit on my F20 system.
>
> I get the same message.
>
> An internet search suggest it is a known positive.
> Basically chkrootkit considers systemd to be a malicious rootkit.
>

I'm sure that will help fuel the fire for the hate against systemd



More information about the Novalug mailing list