Possible root kit

Discussion in general that pertains to Sabayon Linux - Must Pertain to Sabayon Linux

JuanKing
Baby Hen
Posts: 2
Joined: Fri Feb 07, 2014 5:08

Possible root kit

Post by JuanKing » Fri Feb 07, 2014 5:23

After running chkrootkit I am being told my system is infected with the Suckit root kit. How do I tell if my system is genuinely compromised or if this is a false positive? rkhunter doesn't show any issues.


Any advice greatly appreciated.

Fitzcarraldo
Sagely Hen
Posts: 8091
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: Possible root kit

Post by Fitzcarraldo » Fri Feb 07, 2014 6:52

It's not a rootkit, it's a false positive. See e.g. https://bugzilla.redhat.com/show_bug.cgi?id=636231

Mind you, some people think systemd is a rootkit! ;-)

JuanKing
Baby Hen
Posts: 2
Joined: Fri Feb 07, 2014 5:08

Re: Possible root kit

Post by JuanKing » Fri Feb 07, 2014 8:11

I just installed Sabayon on a separate system and ran all updates to test. I'm not getting the same message with chkrootkit, which leads me to believe it isn't a false positive. I saw that bug report but it's pretty old.

Fitzcarraldo
Sagely Hen
Posts: 8091
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom

Re: Possible root kit

Post by Fitzcarraldo » Fri Feb 07, 2014 8:24

It is a false positive. And the last post in the aforementioned bug report is on 28 Dec. 2013, so not old, and relates to chkrootkit-0.49-8. So it's recent.

albfneto
Sagely Hen
Posts: 1854
Joined: Fri Nov 16, 2007 1:15
Location: Ribeirão Preto City, São Paulo State, Brazil

Re: Possible root kit

Post by albfneto » Sat Feb 08, 2014 15:25

Linux RootKits are quite rare.

However, "False Positives" are not uncommon.
ALBERTO FEDERMAN NETO
albfneto
Favorite Distros: Sabayon, Gentoo, Mageia and OpenSUSE