
Re: chkrootkit message



On Mon, Jun 23, 2014 at 07:28:15PM +0100, Brian wrote:
> On Mon 23 Jun 2014 at 19:56:15 +0400, Reco wrote:
> 
> > On Mon, Jun 23, 2014 at 10:03:30AM +0200, François Patte wrote:
> > > Bonjour,
> > > 
> > > I get this alert message (concerning lightdm) from chkrootkit
> > > 
> > > ! RUID          PID TTY    CMD
> > > ! root         3153 tty7   /usr/bin/X :0 -seat seat0 -auth
> > > /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
> > > 
> > > What does it mean?
> > 
> > A false positive. See this, for example:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677315
> 
> There is no well-documented case of chkrootkit ever giving a true
> positive; false positives are its stock in trade. What do you expect of
> a program which searches for things which do not exist or which have no
> relevance (if they ever had) on a modern Linux?

Are you saying that rootkits don't exist on "modern" Linux?

http://www.theregister.co.uk/2012/11/21/powerful_linux_rootkit/
http://www.linuxjournal.com/content/linux-even-rootkits-are-open-source
http://www.techrepublic.com/article/rootkit-threats-move-beyond-linux-to-windows-systems/

> 
> Clapping loudly is very effective at keeping elephants out of my garden. :)
> What use is chkrootkit?
> 
> (Yes, I know it doesn't answer the question, but my response could lead
> to a mass purging of chkrootkit from users' systems :) ).
