** Package changed: chkrootkit (Ubuntu) => cyborg
** Changed in: cyborg
Assignee: (unassigned) => mit (mit2596)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
** Changed in: chkrootkit (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifi
This bug was fixed in the package chkrootkit - 0.50-3ubuntu1
---
chkrootkit (0.50-3ubuntu1) vivid; urgency=low
* Merge from Debian unstable. (LP: #454566) Remaining changes:
- debian/patches/fix-stack-smash.patch:
+ Fix segfault when running chkrootkit. (Closes: #767403)
** Branch linked: lp:ubuntu/vivid-proposed/chkrootkit
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications about this b
** Bug watch added: Debian Bug tracker #740898
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
** Also affects: chkrootkit (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
Importance: Unknown
Status: Unknown
--
You received this bug notification becaus
Looking at the patch applied in F21, it doesn't seem like Fedora
actually fixed it. They simply check whether /sbin/init is a link to
systemd, and ignore the report if so.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in U
Fedora fixed it in FC21 with chkrootkit-0.50-4.fc2.
https://bugzilla.redhat.com/show_bug.cgi?id=636231#c1
** Bug watch added: Red Hat Bugzilla #636231
https://bugzilla.redhat.com/show_bug.cgi?id=636231
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
+1 to backporting chkrootkit 0.50.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications about this bug go to:
https://b
Current version of chkrootkit is 0.50, released on June 4th, 2014. Maybe
we could get that version packaged up and backported?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Alright did some checking for myself, I just went ahead and did the
sha256sum checks on my own as well as hardlink check.
I've made a tutorial to check yourself
--
Testing with Sha256sum/md5sum
First we want to make a sha256sum or md5sum of the init in our system. To do
th
Confirmed still exists even in Linux Mint. No idea why Ubuntu has this
problem. Maybe it's not a false positive? Who really knows.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454
Following comment #30,I've also verified the md5sum of my /sbin/init
with the original package on http://packages.ubuntu.com/ and they do
match.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpa
Same here on Lubuntu 14.04 : on a new install chkrootkit reports Warning:
/sbin/init INFECTED but then there's no evidence of this with repeated passes
of unhide and rkhunter.
Apparently,also running chkrootkit -x and chkrootkit -x does not report the
infection,as far as I can see.
--
You rec
I also get this notice on 14.04 and Linux Mint 17(based on 14.04)
chkroothit -n
Searching for Suckit rootkit...Warning: /sbin/init INFECTED
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpa
Just upgraded two machines to 14.04; one of them is still getting this.
I wonder why there is no option on Ubuntu's "and put your money where
your mouth is" page for "fix known bugs instead of fiddling with the
GUI".
--
You received this bug notification because you are a member of Ubuntu
Server
After an upgrade from 12.04 to 14.04 I got a scared with the message
"suckit rootkit detected", too. rkhunter does not find anything. Here is
the MD5SUM of my /sbin/init
c9b343f85e6804e2d7ee70b810b1a15a /sbin/init
which is the same as found in /var/lib/dpkg/info/upstart.md5sums.
--
You receive
The attachment "Chkroot suckit false positive fix" seems to be a patch.
If it isn't, please remove the "patch" flag from the attachment, remove
the "patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned
heres a patch for it
** Patch added: "Chkroot suckit false positive fix"
https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/454566/+attachment/4095317/+files/chkrootkit_suckit_false_positive.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, wh
In most major new distros (including redhat and ubuntu) "strings /sbin/init |
grep HOME" returns:
XDG_CACHE_HOME
XDG_CONFIG_HOME
which still triggers an alert (false positive) for suckit rootkit in
14.04.
I checked the suckit source, and it gives:
sk2rc2$ strings ./src/sk | grep HOME
HOME=%s
So
exits in
xubuntu 13.10 32bit
and you may get egrep not found error as well
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage noti
PROBLEM STILL EXISTS ON 14.04 LTS!!!
please either fix chkrootkit or change /sbin/init - I hope in a more
security aware post snowden era this will now trigger some more action -
certainly many users will be very irritated about this.
This does not happen on other distros. Must be fixed before re
Problem still exists on 13.10 / amd64. I've dumped /sbin/init with
debugfs, compared it with the one from the package and they are
identical. /sbin/init seems to match 'HOME' and /proc/1/maps does not
match 'init.'
--
You received this bug notification because you are a member of Ubuntu
Server Te
Yes same for me with a fresh install of 13.04 this bug still shows
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications
This went away in 12.10 and reappared when I upgraded to 13.04.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
To manage notifications ab
For those similarly affected: I recently reinstalled the upstart package
(0.6.5-8) on Lucid (10.04.4) and then received the Suckit [false] flag
from chkrootkit 0.49-3 (as well as the version in Debian Wheezy
(0.49-4.1)). After restarting the server, the flag disappeared. So, it
appears to be suff
Same here, also a falsepos (conclusion after doing the other usual tests
for Suckit). The problem exists in Lucid Lynx:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 10.04.2 LTS
Release:10.04
Codename: lucid
$ apt-cache show chkrootkit
+1 on Maverick after installing upstart 0.6.6-4 on 2011-02-11.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
--
Ubuntu-server-bugs mail
Confirmed on Maverick.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
https://bugs.launchpad.net/bugs/454566
Title:
False positive for SucKit
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu
On Thursday, 2010-08-19 at 08:02:45 -, Maxime wrote:
> I can confirm the issue on Lucid. It's probably related to an upstart
> update to 0.6.5-7.
> [...]
> Searching for Suckit rootkit... Warning:
> /sbin/init INFECTED
> [...]
> # strings /sbin/init | egrep HOME
>
Same thing for me. After my Lucid box ran weekly updates I started
seeing the "Searching for Suckit rootkit... Warning: /sbin/init
INFECTED" message from chkrootkit.
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of
** Changed in: chkrootkit (Ubuntu)
Importance: Wishlist => Medium
** Changed in: chkrootkit (Ubuntu)
Status: Incomplete => Confirmed
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, wh
i have exact the same behavior and output as Maxime wrote in #14.
This false positive happens on my box since 17.08.2010 after this update:
"Preparing to replace upstart 0.6.5-6 (using
.../upstart_0.6.5-7_amd64.deb)"
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You receive
I can confirm the issue on Lucid. It's probably related to an upstart
update to 0.6.5-7.
# lsb_release -d
Description:Ubuntu 10.04.1 LTS
# chkrootkit -V
chkrootkit version 0.49
# chkrootkit
[...]
Searching for Suckit rootkit... Warning: /sbin/init
INFECTED
[.
I've got a reproduction here on a Lucid install.
Linux Neptune 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 06:07:29 UTC
2010 i686 GNU/Linux
mes...@neptune:/sbin$ sudo chkrootkit -V
chkrootkit version 0.49
Searching for Suckit rootkit... Warning:
/sbin/init INFECTED
m
On Wednesday, 2010-04-28 at 18:09:39 -, Chuck Short wrote:
> can you try to reproduce this on lucid please?
Searching for Suckit rootkit... nothing
found
I believe the false positive was gone for quite a while, probably due to
changes in init.
Lupe Christoph
--
|
can you try to reproduce this on lucid please?
chuck
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-ser
False positives with such tools come with the territory. Refused as a
server papercut during 20100217 meeting.
** Changed in: server-papercuts
Status: New => Invalid
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a me
I'm pretty sure I saw the string "HOME" in /sbin/init, but I can't prove
it anymore.
BTW, expertmode_output is just debugging:
expertmode_output() {
echo "###"
echo "### Output of: $1"
echo "###"
eval $1 2>&1
#cat <&1`
#EOF
return 0
}
--
False positive for SucKit
https:/
I don't think that chkrootkit alerting about this rootkit is related to
upstart init changes, but the output from /proc/1/maps instead.
Something like this should improve the test:
expertmode_output "${egrep} '^[^/]+${ROOTDIR}sbin/init.'
${ROOTDIR}proc/1/maps"
What do you think?
--
False positi
I have seen this problem pop up a few times since I reported it and
vanish again. Must be related to Phase of Moon. Right now it has
disappeared:
Searching for Suckit rootkit... nothing
found
chkrootkit:
Installed: 0.48-10
The version of chkrootkit is still the same
Just tried on latest karmic and it does not fail:
ii chkrootkit 0.48-10
ii upstart0.6.3-11
$ ls -li /sbin/init /sbin/telinit
444149 -rwxr-xr-x 1 root root 169676 2009-12-10 17:19 /sbin/init
448912 -rwxr-xr-x 1 root root 79312 2009-12-10 17:19 /sbin/telinit
Can you please confirm t
** Also affects: server-papercuts
Importance: Undecided
Status: New
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.
--
Ubuntu-server-bugs
Confirmed in Karmic. I posted this to the Ubuntu forums and was referred this
bug report.
My forums post is here:http://ubuntuforums.org/showthread.php?t=1386791
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubu
Thanks for the bug report. This will be looked at again for karmic+1.
Regards
chuck
** Changed in: chkrootkit (Ubuntu)
Importance: Low => Wishlist
** Changed in: chkrootkit (Ubuntu)
Status: Incomplete => Confirmed
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
Yo
On Monday, 2009-10-19 at 13:18:45 -, Chuck Short wrote:
> Thanks for the bug report. I was wondering if you have any suggestion to
> improve it.
Well, as there are some finer tests on the page I mentioned, what about
implementing them in chkrootkit?
Lupe Christoph
--
| There is no substitute
Thanks for the bug report. I was wondering if you have any suggestion to
improve it.
Thanks
chuck
** Changed in: chkrootkit (Ubuntu)
Importance: Undecided => Low
** Changed in: chkrootkit (Ubuntu)
Status: New => Incomplete
--
False positive for SucKit
https://bugs.launchpad.net/bugs/
** Attachment added: "Dependencies.txt"
http://launchpadlibrarian.net/33872395/Dependencies.txt
** Attachment added: "XsessionErrors.txt"
http://launchpadlibrarian.net/33872396/XsessionErrors.txt
--
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug not
47 matches
Mail list logo
