Possible root kit

Postby JuanKing » Fri Feb 07, 2014 5:23

After running chkrootkit I am being told my system is infected with the Suckit root kit. How do I tell if my system is genuinely compromised or if this is a false positive? rkhunter doesn't show any issues.


Any advice greatly appreciated.
JuanKing
Baby Hen
 
Posts: 2
Joined: Fri Feb 07, 2014 5:08

Re: Possible root kit

Postby Fitzcarraldo » Fri Feb 07, 2014 6:52

It's not a rootkit, it's a false positive. See e.g. https://bugzilla.redhat.com/show_bug.cgi?id=636231

Mind you, some people think systemd is a rootkit! ;-)
Fitzcarraldo
Sagely Hen
 
Posts: 7998
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: Possible root kit

Postby JuanKing » Fri Feb 07, 2014 8:11

I just installed Sabayon on a separate system and ran all updates to test. I'm not getting the same message with chkrootkit, which leads me to believe it isn't a false positive. I saw that bug report but it's pretty old.
JuanKing
Baby Hen
 
Posts: 2
Joined: Fri Feb 07, 2014 5:08

Re: Possible root kit

Postby Fitzcarraldo » Fri Feb 07, 2014 8:24

It is a false positive. And the last post in the aforementioned bug report is on 28 Dec. 2013, so not old, and relates to chkrootkit-0.49-8. So it's recent.
Fitzcarraldo
Sagely Hen
 
Posts: 7998
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: Possible root kit

Postby albfneto » Sat Feb 08, 2014 15:25

Linux rootkits are quite rare.

However, "False Positives" are not uncommon.
ALBERTO FEDERMAN NETO
albfneto
Favorite Distros: Sabayon, Gentoo, Mageia and OpenSUSE
albfneto
Sagely Hen
 
Posts: 1728
Joined: Fri Nov 16, 2007 1:15
Location: Ribeirão Preto City, São Paulo State, Brazil

