/sbin/init issue
02-16-2018, 07:32 AM
Post: #1
/sbin/init issue
Tonight I ran #chkrootkit
and I got this message:
Code:
Searching for Suckit rootkit...                             Warning: /sbin/init INFECTED
This is the first time chkrootkit found something bad (apparently).
What should I do?
02-16-2018, 09:22 AM
Post: #2
RE: /sbin/init issue
Seems to me to be a false positive.
See this old but still relevant discussion https://askubuntu.com/questions/25176/ch...-that-mean
02-16-2018, 04:37 PM
Post: #3
RE: /sbin/init issue
Phew! A false positive. Thank you, leszek.

Ran rkhunter & got these warnings (but no errors):

Code:
Performing filesystem checks
    Checking /dev for suspicious file types                  [ Warning ]
    Checking for hidden files and directories                [ Warning ]

and yes, rkhunter showed a negative on Suckit:
Code:
Suckit Rootkit                                    [ Not found ]
and
Code:
Performing additional rootkit checks
[09:18:16]
[09:18:16]   Performing Suckit Rookit additional checks
[09:18:16]     Checking hard link count on '/sbin/init'      [ OK ]
[09:18:16]     Checking for hidden file extensions           [ None found ]
[09:18:16]     Running skdet command                         [ Skipped ]
[09:18:16] Info: Unable to find the 'skdet' command
[09:18:16]   Suckit Rookit additional checks                 [ OK ]

Code:
[09:18:41] Info: Starting test name 'filesystem'
[09:18:41] Performing filesystem checks
[09:18:41] Info: SCAN_MODE_DEV set to 'THOROUGH'
[09:18:42]   Checking /dev for suspicious file types         [ Warning ]
[09:18:42] Warning: Suspicious file types found in /dev:
[09:18:42]          /dev/.initramfs/fsck: ASCII text
[09:18:42]          /dev/.udev/data/c250:0: ASCII text
[09:18:42]          /dev/.udev/data/+input:input0: ASCII text
[09:18:42]          /dev/.udev/data/+input:input1: ASCII text
[09:18:42]          /dev/.udev/data/+input:input2: ASCII text
[09:18:42]          /dev/.udev/data/c189:0: ASCII text
[09:18:42]          /dev/.udev/data/n2: ASCII text
[09:18:42]          /dev/.udev/data/c189:128: ASCII text
[09:18:42]          /dev/.udev/data/c189:256: ASCII text
[09:18:42]          /dev/.udev/data/c189:384: ASCII text
[09:18:42]          /dev/.udev/data/c189:512: ASCII text
[09:18:42]          /dev/.udev/data/c189:640: ASCII text
[09:18:42]          /dev/.udev/data/b11:0: ASCII text
[09:18:42]          /dev/.udev/data/b8:0: ASCII text
[09:18:42]          /dev/.udev/data/b8:16: ASCII text
[09:18:42]          /dev/.udev/data/b8:1: ASCII text
[09:18:42]          /dev/.udev/data/b8:17: ASCII text
[09:18:42]          /dev/.udev/data/c189:768: ASCII text
[09:18:42]          /dev/.udev/data/c189:896: ASCII text
[09:18:42]          /dev/.udev/data/c189:1024: ASCII text
[09:18:42]          /dev/.udev/data/c189:897: ASCII text
[09:18:43]   Checking for hidden files and directories       [ Warning ]
[09:18:43] Warning: Hidden directory found: '/etc/.java'
[09:18:43] Warning: Hidden directory found: '/dev/.initramfs'
[09:18:43] Warning: Hidden directory found: '/dev/.udev'
Following the suggestions posted to the URL you mentioned,
Code:
# cat /sbin/init | egrep HOME
Binary file (standard input) matches
# cat /proc/1/maps | egrep "init."
#
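The individual checks that come up in this thread (chkrootkit's string match, rkhunter's hard link count, the /proc/1 comparison from the askubuntu answer, and package-manager verification) combined into one triage script. This is an added example, not code from chkrootkit, rkhunter or any of the posts above. Assumptions: a Linux host with coreutils and awk; dpkg or rpm is optional and the script reports "undetermined" without one; chkrootkit's exact Suckit pattern is approximated by the plain "HOME" string test that the linked askubuntu discussion describes; all function names are hypothetical.

```shell
#!/bin/sh
# Triage for "Searching for Suckit rootkit... Warning: /sbin/init INFECTED".
# Added example: not chkrootkit or rkhunter code, not posted in the thread.
# Assumptions: Linux, coreutils/awk present, dpkg or rpm optional. The HOME
# string test below is an approximation of chkrootkit's Suckit pattern.

# Signal 1 (what chkrootkit reacts to): does the binary contain the string HOME?
# Printable runs are extracted first, as strings(1) does, so grep never sees raw
# binary. systemd's init legitimately contains HOME, which is the false positive.
has_home_string() {
    tr -c '[:print:]' '\n' < "$1" | grep -q 'HOME'
}

# Signal 2 (rkhunter's counter-check): hard link count, field 2 of ls -l. Expected: 1.
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# Signal 3: does the file on disk match what PID 1 is executing? Resolve the
# symlink chain of the given path and compare it with the kernel's /proc/1/exe.
# Returns 0 match, 1 mismatch, 2 undetermined (no /proc, or not root).
pid1_matches() {
    init=$(readlink -f "$1") || return 2
    exe=$(readlink -f /proc/1/exe 2>/dev/null) || return 2
    [ -n "$exe" ] || return 2
    [ "$init" = "$exe" ]
}

# Signal 4: package-manager integrity of the resolved binary (dpkg -V / rpm -Vf
# print one line per file whose recorded checksum or metadata no longer matches).
# Returns 0 verified, 1 modified, 2 undetermined (no dpkg/rpm, or not packaged).
pkg_verify() {
    target=$(readlink -f "$1") || return 2
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$target" 2>/dev/null | cut -d: -f1)
        [ -n "$pkg" ] || return 2
        out=$(dpkg -V "$pkg" 2>/dev/null); st=$?
        [ "$st" -le 1 ] || return 2          # exit >1: old dpkg without --verify
        printf '%s\n' "$out" | grep -qF -- " $target" && return 1
        return 0
    elif command -v rpm >/dev/null 2>&1; then
        out=$(rpm -Vf "$target" 2>/dev/null); st=$?
        [ "$st" -le 1 ] || return 2
        printf '%s\n' "$out" | grep -qF -- " $target" && return 1
        return 0
    fi
    return 2
}

# Turn the collected signal names into a verdict. A HOME match with no other
# signal is exactly the benign case from the thread; anything else deserves a look.
verdict() {
    case "$1" in
        "")            echo "benign: no signals" ;;
        "home-string") echo "benign: $1" ;;
        *)             echo "investigate: $1" ;;
    esac
}

# Run all four signals against one path and print the verdict.
triage() {
    path=$1; signals=""
    has_home_string "$path" && signals="home-string"
    [ "$(link_count "$path")" -eq 1 ] || signals="${signals:+$signals }extra-links"
    r=0; pid1_matches "$path" || r=$?
    [ "$r" -ne 1 ] || signals="${signals:+$signals }pid1-mismatch"
    r=0; pkg_verify "$path" || r=$?
    [ "$r" -ne 1 ] || signals="${signals:+$signals }pkg-modified"
    verdict "$signals"
}

# Usage: sh triage-init.sh /sbin/init   (run as root so /proc/1/exe resolves)
if [ $# -gt 0 ]; then
    triage "$1"
fi
```

Run it as root, otherwise the /proc/1/exe comparison comes back undetermined rather than matched. On a systemd host the expected result is a lone HOME match (init is a symlink to the systemd binary, which carries that string), which the script reports as benign; a PID 1 mismatch, a modified package file or an unexpected link count is what would turn the chkrootkit warning into something worth escalating.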