Hi everybody.

I happen to run chkrootkit on my Linux boxes periodically. Today was my first time on SuSE9.1. I noticed that chkrootkit-0.43 claims that both /usr/bin/top and /usr/bin/find are infected with rootkits.

As a precaution, I've reinstalled the packages for procps (contains top) and findutils (contains find) from the distribution DVD, but get the same result. I got the chkrootkit off of www.chkrootkit.org and verified the md5 checksum of the 0.43 tarball.

I assume that chkrootkit-0.43 isn't up to date enough to produce a correct reading. Am I safe in this assumption? Perhaps I'm way off here. If so, can anyone set me straight?

Thanks in advance.

--
JAY VOLLMER
JVOLLMER@CONSOLIDATEDLINT.COM
TEXT REFS DOUBLEPLUSUNGOOD SELFTHINK VERGING CRIMETHINK IGNORE FULLWISE

On Monday 07 June 2004 9:39 pm, Jay Vollmer wrote:
> Hi everybody.
>
> I happen to run chkrootkit on my Linux boxes periodically. Today was my first time on SuSE9.1. I noticed that chkrootkit-0.43 claims that both /usr/bin/top and /usr/bin/find are infected with rootkits.

I see the same, but I'm pretty sure it's a false positive. See this post regarding TOP on SuSE 9.0:

http://cert.uni-stuttgart.de/archive/suse/security/2004/02/msg00006.html

Scott

--
POPFile, the OpenSource EMail Classifier
http://popfile.sourceforge.net/
Linux 2.6.4-54.5-default

On Tuesday 08 Jun 2004 07:03, Scott Leighton wrote:
> On Monday 07 June 2004 9:39 pm, Jay Vollmer wrote:
>> Hi everybody.
>>
>> I happen to run chkrootkit on my Linux boxes periodically. Today was my first time on SuSE9.1. I noticed that chkrootkit-0.43 claims that both /usr/bin/top and /usr/bin/find are infected with rootkits.
>
> I see the same, but I'm pretty sure it's a false positive. See this post regarding TOP on SuSE 9.0
>
> http://cert.uni-stuttgart.de/archive/suse/security/2004/02/msg00006.html
>
> Scott
>
> --
> POPFile, the OpenSource EMail Classifier
> http://popfile.sourceforge.net/
> Linux 2.6.4-54.5-default

Hi .. just run rkhunter (fresh download), it seems to find 5 mismatched MD5 checksums here, Suse 9.1 update to 9.0. I know that 9.0 was clear of problems, so it may be that 9.1 has a wee problem ..

Pete

--
Linux user No: 256242 Machine No: 139931
G6NJR Pete also MSA registered "Quinton 11"
A Linux Only area
Happy bug hunting M$ clan
PGN

peter Nikolic wrote:
> just run rkhunter (fresh download), it seems to find 5 mismatched MD5 checksums here, Suse 9.1 update to 9.0. I know that 9.0 was clear of problems, so it may be that 9.1 has a wee problem ..

rkhunter shows 6 mismatched things here on 9.1. The "checking binaries" section has mount, dmesg, login, depmod, insmod and modinfo flagged as BAD. Hard to believe really. This is a fresh install yesterday, though potentially compromised I guess by using apt-get against the full 9.1 repositories like packman et al.

:)
Fish

Jay Vollmer wrote:
> Hi everybody.
>
> I happen to run chkrootkit on my Linux boxes periodically. Today was my first time on SuSE9.1. I noticed that chkrootkit-0.43 claims that both /usr/bin/top and /usr/bin/find are infected with rootkits.

I have the same results, so I'm also hoping this is a false positive. The most recent version of chkrootkit seems to date from Dec 2003, so it may be a bit out of date now.

:)
Fish

participants (4)
- Jay Vollmer
- Mark Crean
- peter Nikolic
- Scott Leighton