Public bug reported: Binary package hint: chkrootkit
Searching for Suckit rootkit... Warning: /sbin/init INFECTED According to http://cc.jlab.org/docs/security/alerts/ this is an indicator for a SucKit infection: # ls -li /sbin/init /sbin/telinit 172240 -rwxr-xr-x 1 root root 199472 2009-10-15 21:19 /sbin/init 172791 -rwxr-xr-x 1 root root 96568 2009-10-15 21:19 /sbin/telinit http://forums.gentoo.org/viewtopic-t-326062-highlight-suckit.html gives some hints how to verify an infection. As I expected, they show no sign of SucKit. This false positive seems to be popping up since a few years. So I guess the check for SucKit needs improvement... ProblemType: Bug Architecture: amd64 Date: Sun Oct 18 12:42:45 2009 DistroRelease: Ubuntu 9.10 NonfreeKernelModules: fglrx Package: chkrootkit 0.48-10 ProcEnviron: LANG=en_US.UTF-8 SHELL=/bin/bash ProcVersionSignature: Ubuntu 2.6.31-13.44-generic SourcePackage: chkrootkit Uname: Linux 2.6.31-13-generic x86_64 ** Affects: chkrootkit (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug -- False positive for SucKit https://bugs.launchpad.net/bugs/454566 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to chkrootkit in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
