[Bug 454566] Re: False positive for SucKit
Lupe Christoph
lupe at lupe-christoph.de
Wed Feb 10 16:01:12 GMT 2010
I have seen this problem pop up a few times since I reported it and
vanish again. Must be related to Phase of Moon. Right now it has
disappeared:
Searching for Suckit rootkit... nothing
found
chkrootkit:
Installed: 0.48-10
The version of chkrootkit is still the same, only /sbin/init and
/sbin/telinit have changed.
# ls -li /sbin/init /sbin/telinit
172201 -rwxr-xr-x 1 root root 199472 2009-12-10 18:00 /sbin/init
172637 -rwxr-xr-x 1 root root 96568 2009-12-10 18:00 /sbin/telinit
Looking at the code in chkrootkit, the difference is that /sbin/init
does no longer contain the string "HOME". The changelog of the "upstart"
package does not mention"HOME", so I can't tell if they fixed this
intentionally. The only update since I created the bug report is
0.6.3-11, so this must have fixed it. The strange thing is that I see
nothing in that update that would have deleted "HOME".
http://launchpadlibrarian.net/36606433/upstart_0.6.3-10_0.6.3-11.diff.gz
I'd rather not rely on upstart taking care of problems in chkrootkit...
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
More information about the Ubuntu-server-bugs
mailing list