[opensuse] rootkit : Suckit : chkrootkit : Warning: /sbin/init INFECTED
Hello List Running the security program < chkrootkit > this morning, gives the nasty surprise : " Searching for Suckit rootkit... Warning: /sbin/init INFECTED " .............. - however, running program < rkhunter > indicates that there is no suckit rootkit infection ! Which to believe, chkrootkit, or, rkhunter ?? and What please is the best course of action, if action is deemed necessary & prudent ? Thanks best regards Ellan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/03/2013 12:18 PM, ellanios82 wrote:
Hello List
Running the security program < chkrootkit > this morning, gives the nasty surprise :
" Searching for Suckit rootkit... Warning: /sbin/init INFECTED "
..............
- however, running program < rkhunter > indicates that there is no suckit rootkit infection !
Which to believe, chkrootkit, or, rkhunter ??
and
What please is the best course of action, if action is deemed necessary & prudent ?
google for "chrootkit systemd". It looks like chrootkit sees that /sbin/init is a symlink and therefore tells you it's infected. So, trust rkhunter ;) Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/03/2013 01:51 PM, Andreas Jaeger wrote:
google for "chrootkit systemd".
It looks like chrootkit sees that /sbin/init is a symlink and therefore tells you it's infected. So, trust rkhunter ;)
- thank you so much Andreas ............ Happy New Year :) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Andreas Jaeger -
ellanios82