Re: Should I install chkrootkit?

To: debian-user@lists.debian.org
Subject: Re: Should I install chkrootkit?
From: Brian <ad44@cityscape.co.uk>
Date: Fri, 6 Jun 2014 20:07:36 +0100
Message-id: <[🔎] 06062014194912.e00549dff935@desktop.copernicus.demon.co.uk>
In-reply-to: <[🔎] 87lhta2rud.fsf@orac.fil>
References: <[🔎] 1401881925.65741.YahooMailNeo@web141002.mail.bf1.yahoo.com> <[🔎] 20140604122920.GU5101@europecamions-interactive.com> <[🔎] bvc9b2Fs5t6U1@mid.individual.net> <[🔎] 87lhta2rud.fsf@orac.fil>

On Fri 06 Jun 2014 at 13:35:38 +0200, Filip wrote:

> Do you have systemd-sysv installed ? When that package is installed
> /sbin/init is a symlink to systemd and I have heard that chkrootkit
> gives false positives for the suckit rootkit with that.

chkrootkit gives false positives as a matter of course. There is no well
documented description of it ever discovering anything malign.

> You could double-check with rkhunter.

This person did:

   http://www.howtoforge.com/forums/showthread.php?t=42109

suckit apparently enters through /dev/kmem.

  brian@desktop:~$ ls -l /dev/kmem
  ls: cannot access /dev/kmem: No such file or directory

Reply to:

References:
- Should I install chkrootkit?
  - From: Horatio Leragon <hleragon@yahoo.com>
- Re: Should I install chkrootkit?
  - From: David Guyot <david.guyot@europecamions-interactive.com>
- Re: Should I install chkrootkit?
  - From: Charles Kroeger <ckrogrr@frankensteinface.com>
- Re: Should I install chkrootkit?
  - From: Filip <filip@fbvnet.be>

Prev by Date: Re: Post-installation: how to auto-configure network adapter (ie. enable internet access)?
Next by Date: Re: Post-installation: how to auto-configure network adapter (ie. enable internet access)?
Previous by thread: Re: Should I install chkrootkit?
Next by thread: Re: Should I install chkrootkit?
Index(es):
- Date
- Thread