** Package changed: chkrootkit (Ubuntu) => cyborg
** Changed in: cyborg
Assignee: (unassigned) => mit (mit2596)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
** Branch linked: lp:ubuntu/vivid-proposed/chkrootkit
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications about this
** Changed in: chkrootkit (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage
This bug was fixed in the package chkrootkit - 0.50-3ubuntu1
---
chkrootkit (0.50-3ubuntu1) vivid; urgency=low
* Merge from Debian unstable. (LP: #454566) Remaining changes:
- debian/patches/fix-stack-smash.patch:
+ Fix segfault when running chkrootkit. (Closes: #767403)
** Bug watch added: Debian Bug tracker #740898
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
** Also affects: chkrootkit (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
Importance: Unknown
Status: Unknown
--
You received this bug notification
Looking at the patch applied in F21, it doesn't seem like Fedora
actually fixed it. They simply check whether /sbin/init is a link to
systemd, and ignore the report if so.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in
Fedora fixed it in FC21 with chkrootkit-0.50-4.fc2.
https://bugzilla.redhat.com/show_bug.cgi?id=636231#c1
** Bug watch added: Red Hat Bugzilla #636231
https://bugzilla.redhat.com/show_bug.cgi?id=636231
--
You received this bug notification because you are a member of Ubuntu
Server Team,
+1 to backporting chkrootkit 0.50.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications about this bug go to:
Current version of chkrootkit is 0.50, released on June 4th, 2014. Maybe
we could get that version packaged up and backported?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Alright did some checking for myself, I just went ahead and did the
sha256sum checks on my own as well as hardlink check.
I've made a tutorial to check yourself
--
Testing with Sha256sum/md5sum
First we want to make a sha256sum or md5sum of the init in our system. To do
Confirmed still exists even in Linux Mint. No idea why Ubuntu has this
problem. Maybe it's not a false positive? Who really knows.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
Following comment #30,I've also verified the md5sum of my /sbin/init
with the original package on http://packages.ubuntu.com/ and they do
match.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
Same here on Lubuntu 14.04 : on a new install chkrootkit reports Warning:
/sbin/init INFECTED but then there's no evidence of this with repeated passes
of unhide and rkhunter.
Apparently,also running chkrootkit -x and chkrootkit -x does not report the
infection,as far as I can see.
--
You
I also get this notice on 14.04 and Linux Mint 17(based on 14.04)
chkroothit -n
Searching for Suckit rootkit...Warning: /sbin/init INFECTED
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
Just upgraded two machines to 14.04; one of them is still getting this.
I wonder why there is no option on Ubuntu's and put your money where
your mouth is page for fix known bugs instead of fiddling with the
GUI.
--
You received this bug notification because you are a member of Ubuntu
Server
After an upgrade from 12.04 to 14.04 I got a scared with the message
suckit rootkit detected, too. rkhunter does not find anything. Here is
the MD5SUM of my /sbin/init
c9b343f85e6804e2d7ee70b810b1a15a /sbin/init
which is the same as found in /var/lib/dpkg/info/upstart.md5sums.
--
You received
In most major new distros (including redhat and ubuntu) strings /sbin/init |
grep HOME returns:
XDG_CACHE_HOME
XDG_CONFIG_HOME
which still triggers an alert (false positive) for suckit rootkit in
14.04.
I checked the suckit source, and it gives:
sk2rc2$ strings ./src/sk | grep HOME
HOME=%s
So
heres a patch for it
** Patch added: Chkroot suckit false positive fix
https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/454566/+attachment/4095317/+files/chkrootkit_suckit_false_positive.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team,
The attachment Chkroot suckit false positive fix seems to be a patch.
If it isn't, please remove the patch flag from the attachment, remove
the patch tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
exits in
xubuntu 13.10 32bit
and you may get egrep not found error as well
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage
PROBLEM STILL EXISTS ON 14.04 LTS!!!
please either fix chkrootkit or change /sbin/init - I hope in a more
security aware post snowden era this will now trigger some more action -
certainly many users will be very irritated about this.
This does not happen on other distros. Must be fixed before
Problem still exists on 13.10 / amd64. I've dumped /sbin/init with
debugfs, compared it with the one from the package and they are
identical. /sbin/init seems to match 'HOME' and /proc/1/maps does not
match 'init.'
--
You received this bug notification because you are a member of Ubuntu
Server
Yes same for me with a fresh install of 13.04 this bug still shows
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage
This went away in 12.10 and reappared when I upgraded to 13.04.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications
For those similarly affected: I recently reinstalled the upstart package
(0.6.5-8) on Lucid (10.04.4) and then received the Suckit [false] flag
from chkrootkit 0.49-3 (as well as the version in Debian Wheezy
(0.49-4.1)). After restarting the server, the flag disappeared. So, it
appears to be
Same here, also a falsepos (conclusion after doing the other usual tests
for Suckit). The problem exists in Lucid Lynx:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 10.04.2 LTS
Release:10.04
Codename: lucid
$ apt-cache show chkrootkit
+1 on Maverick after installing upstart 0.6.6-4 on 2011-02-11.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
--
Ubuntu-server-bugs
Confirmed on Maverick.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
--
Ubuntu-server-bugs mailing list
** Changed in: chkrootkit (Ubuntu)
Importance: Wishlist = Medium
** Changed in: chkrootkit (Ubuntu)
Status: Incomplete = Confirmed
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team,
Same thing for me. After my Lucid box ran weekly updates I started
seeing the Searching for Suckit rootkit... Warning: /sbin/init
INFECTED message from chkrootkit.
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of
i have exact the same behavior and output as Maxime wrote in #14.
This false positive happens on my box since 17.08.2010 after this update:
Preparing to replace upstart 0.6.5-6 (using
.../upstart_0.6.5-7_amd64.deb)
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received
I can confirm the issue on Lucid. It's probably related to an upstart
update to 0.6.5-7.
# lsb_release -d
Description:Ubuntu 10.04.1 LTS
# chkrootkit -V
chkrootkit version 0.49
# chkrootkit
[...]
Searching for Suckit rootkit... Warning: /sbin/init
INFECTED
I've got a reproduction here on a Lucid install.
Linux Neptune 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 06:07:29 UTC
2010 i686 GNU/Linux
mes...@neptune:/sbin$ sudo chkrootkit -V
chkrootkit version 0.49
Searching for Suckit rootkit... Warning:
/sbin/init INFECTED
can you try to reproduce this on lucid please?
chuck
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
--
Ubuntu-server-bugs mailing list
On Wednesday, 2010-04-28 at 18:09:39 -, Chuck Short wrote:
can you try to reproduce this on lucid please?
Searching for Suckit rootkit... nothing
found
I believe the false positive was gone for quite a while, probably due to
changes in init.
Lupe Christoph
--
|
False positives with such tools come with the territory. Refused as a
server papercut during 20100217 meeting.
** Changed in: server-papercuts
Status: New = Invalid
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a
I'm pretty sure I saw the string HOME in /sbin/init, but I can't prove
it anymore.
BTW, expertmode_output is just debugging:
expertmode_output() {
echo ###
echo ### Output of: $1
echo ###
eval $1 21
#cat EOF
#`$1 21`
#EOF
return 0
}
--
False positive for SucKit
** Also affects: server-papercuts
Importance: Undecided
Status: New
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
--
Just tried on latest karmic and it does not fail:
ii chkrootkit 0.48-10
ii upstart0.6.3-11
$ ls -li /sbin/init /sbin/telinit
444149 -rwxr-xr-x 1 root root 169676 2009-12-10 17:19 /sbin/init
448912 -rwxr-xr-x 1 root root 79312 2009-12-10 17:19 /sbin/telinit
Can you please confirm
I have seen this problem pop up a few times since I reported it and
vanish again. Must be related to Phase of Moon. Right now it has
disappeared:
Searching for Suckit rootkit... nothing
found
chkrootkit:
Installed: 0.48-10
The version of chkrootkit is still the
I don't think that chkrootkit alerting about this rootkit is related to
upstart init changes, but the output from /proc/1/maps instead.
Something like this should improve the test:
expertmode_output ${egrep} '^[^/]+${ROOTDIR}sbin/init.'
${ROOTDIR}proc/1/maps
What do you think?
--
False
Confirmed in Karmic. I posted this to the Ubuntu forums and was referred this
bug report.
My forums post is here:http://ubuntuforums.org/showthread.php?t=1386791
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of
Thanks for the bug report. This will be looked at again for karmic+1.
Regards
chuck
** Changed in: chkrootkit (Ubuntu)
Importance: Low = Wishlist
** Changed in: chkrootkit (Ubuntu)
Status: Incomplete = Confirmed
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You
Thanks for the bug report. I was wondering if you have any suggestion to
improve it.
Thanks
chuck
** Changed in: chkrootkit (Ubuntu)
Importance: Undecided = Low
** Changed in: chkrootkit (Ubuntu)
Status: New = Incomplete
--
False positive for SucKit
On Monday, 2009-10-19 at 13:18:45 -, Chuck Short wrote:
Thanks for the bug report. I was wondering if you have any suggestion to
improve it.
Well, as there are some finer tests on the page I mentioned, what about
implementing them in chkrootkit?
Lupe Christoph
--
| There is no substitute
** Attachment added: Dependencies.txt
http://launchpadlibrarian.net/33872395/Dependencies.txt
** Attachment added: XsessionErrors.txt
http://launchpadlibrarian.net/33872396/XsessionErrors.txt
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug
46 matches
Mail list logo
