Re: chkrootkit message
On Mon 23 Jun 2014 at 19:56:15 +0400, Reco wrote:
> On Mon, Jun 23, 2014 at 10:03:30AM +0200, François Patte wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello,
> >
> > I get this alert message (concerning lightdm) from chkrootkit
> >
> > ! RUID PID TTY CMD
> > ! root 3153 tty7 /usr/bin/X :0 -seat seat0 -auth
> > /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
> >
> > What does it mean?
>
> A false positive. See this, for example:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677315

There is no well-documented case of chkrootkit ever giving a true
positive; false positives are its stock in trade. What do you expect of
a program which searches for things which do not exist or which have no
relevance (if they ever had) on a modern Linux?

Clapping loudly is very effective at keeping elephants out of my garden. :)

What use is chkrootkit?

(Yes, I know it doesn't answer the question, but my response could lead
to a mass purging of chkrootkit from users' systems :) ).