PDA

View Full Version : chkrootkit on F15


monkeywrench
5th April 2011, 09:44 AM
I ran chkrootkit several times on a 4-day old fully updated F15 and got a warning that /sbin/init is infected by suckit rootkit. So, I did a clean install once more without updates and ran chkrootkit again and suckit rootkit is still there. Guess I'll have to wait for the final release before migrating to F15.

DBelton
5th April 2011, 01:50 PM
That sounds right if you have systemd installed.

systemd will symlink /sbin/init back to /bin/systemd

chkrootkit probably hasn't been updated to recognize this yet, so probably thinks that /sbin/init has been hijacked by a rootkit.

What you are getting from chkrootkit is probably wrong and I would think a bug should be filed against it.

It was also reported against F14 when systemd was installed as well.

https://bugzilla.redhat.com/show_bug.cgi?id=636231

monkeywrench
5th April 2011, 04:53 PM
That sounds right if you have systemd installed.

systemd will symlink /sbin/init back to /bin/systemd

chkrootkit probably hasn't been updated to recognize this yet, so probably thinks that /sbin/init has been hijacked by a rootkit.

What you are getting from chkrootkit is probably wrong and I would think a bug should be filed against it.

It was also reported against F14 when systemd was installed as well.

https://bugzilla.redhat.com/show_bug.cgi?id=636231
You're right. I have downloaded another copy of the Live iso and verified its integrity before I made another clean install just to make sure. Nothing has changed. I had just filed a bug report at Bugzilla.

Station Denderleeuw Travel Photos on Instagram - Centro Comercial Albrook Mall Travel Photos - La perla pixan cuisine & mezcal store Instagram Photos - Okonomi khonkaen - Noto - Sicilia Photos on Instagram