 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Sun 29 Mar 2020, 16:47 All times are UTC - 4 |
 Forum index » Off-Topic Area » Security |
|
chkrootkit says Stardust /sbin/init INFECTED with Suckit
|
 
|
View previous topic :: View next topic |
| Page 1 of 2 [20 Posts] | Goto page: 1, 2 Next |
| Author | Message | ||||||
|---|---|---|---|---|---|---|---|
|
Rocket
Joined: 02 Mar 2010 Posts: 16 |
I ran chkrootkit on Stardust Puppy and it found the following. "Searching for Suckit rootkit... Warning: /sbin/init INFECTED" Now I have to figure out what to do about it. R |
||||||
|
|||||||
 |
|||||||
|
Lobster
Official Crustacean  Joined: 04 May 2005 Posts: 15587 Location: Paradox Realm |
I suppose not running Stardust is a start 
Is the rootkit on the CD or on your install?
http://la-samhna.de/library/rootkits/list.html Chkrootkit http://en.wikipedia.org/wiki/Chkrootkit Tin hats to maximum Release the hounds . . . Can someone confirm it is on CD? _________________ Puppy Raspup 8.2 Final 
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html  |
||||||
|
|||||||
|
|||||||
|
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope |
Are you guys joking around or is this for real? My English often fails to know if people just tease each other or if it is a serious thing. How do I test it on my machine? Does this chroot thing give false positives? Have anybody told Zigbert? How do I get rid of it if I ahve it? _________________ I use Google Search on Puppy Forum not an ideal solution though |
||||||
|
|||||||
|
|||||||
|
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope |
By run it on Stardust do you mean that you pointed chkrootkit to the Stardust Puppy .iso file and it looked through it or have you installed Stardust Puppy in full install or frugal install or on DVD as a live user session and then activated the chkrootkit on Stardust Puppy? Which other linux do you ahve installed now? A rootkit is on the first sectors in root. Does that not mean it could have been there before you downloaded Star Dust? I mean did you run chkrootkit on your machine before you downloaded the iso and which iso was it. There are Stardust from 001 to 012 so very many to chose iso to test?
so if that is how you did it you have a CD or DVD and there executed the Chrootkit and it looked through your HD with Stardust on it? _________________ I use Google Search on Puppy Forum not an ideal solution though |
||||||
|
|||||||
|
|||||||
|
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope |
It can be a false positive! https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/454566
If one run it with Rookit Hunter is does not find it. So hopefully it is a false positive. _________________ I use Google Search on Puppy Forum not an ideal solution though |
||||||
|
|||||||
|
|||||||
Eyes-Only
 Joined: 10 Aug 2006 Posts: 1046 Location: La Confederation Abenaquaise |
You folks will find some very fascinating reading, plus how to use the CLI/terminal to manually check for SuckIt, at this URL: http://forums.gentoo.org/viewtopic-t-326062-highlight-suckit.html And yes, that's brought to us from our good gentoo brethren. Thanks to them for the tips. 
I hope this helped all involved? Did me! Amicalement/Mazzel/Cheers! Eyes-Only "L'Peau-Rouge" _________________ *~*~*~*~*~* Proud user of LXpup and 3-Headed Dog.
*~*~*~*~*~* |
||||||
|
|||||||
|
|||||||
|
nancy reagan
Joined: 22 Jan 2009 Posts: 549 |
... Rocket just landed stranded here today . Not being a tweaker, one must try one's other senses (if available) and I thought he just landed here today, so ?? fancy Reagan [/u] |
||||||
|
|||||||
|
|||||||
8-bit
 Joined: 03 Apr 2007 Posts: 3425 Location: Oregon |
I just ran "chkrootkit -q" on Puppy 431 frugal install and it returned:
So has anyone else had that output from it? I do not keep any personal info on my PC, so I am not overly concerned. |
||||||
|
|||||||
|
|||||||
|
Lobster
Official Crustacean Joined: 04 May 2005 Posts: 15587 Location: Paradox Realm |
Stand down red alert call back the hounds Consolation for the tin hats . . . http://freshmeat.net/projects/rkhunter We await Positive falsies and other potential threats
'Why so serious' [Joker as played by the late Heath Ledger] Somebody has said what a malware detector is reporting We need to move from a position of ignorance to what and why this is happening. . . . that is fun . . .
Rooting for Puppy _________________ Puppy Raspup 8.2 Final
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html |
||||||
|
|||||||
|
|||||||
|
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope |
Yes one can joke about serious things too. but as a newbie the solutions that was suggested was too technical to be followed by me at least. If any of you could use them maybe you can explain how one do it step by step? _________________ I use Google Search on Puppy Forum not an ideal solution though |
||||||
|
|||||||
|
|||||||
|
8-bit
Joined: 03 Apr 2007 Posts: 3425 Location: Oregon |
Both root kit checking programs have README files with them that tell you how to use them. And neither one has to be installed to use them as per the README files. I tried both, so I am speaking from experience. |
||||||
|
|||||||
|
|||||||
|
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope |
I tested a third one that column writers did recommend at geek com something. Rootkit Revealer and it run/ran for some 30 minutes or more and finally told me it had found some 409000 things that was not what it expected. I tried to look through them but had not knowledge enough to get what it was all about. I maybe try the one named Gmer too and the Chroot one . But seems one have to know much to have any usage of them. For experts? _________________ I use Google Search on Puppy Forum not an ideal solution though |
||||||
|
|||||||
|
|||||||
bugman
 Joined: 20 Dec 2005 Posts: 2131 Location: buffalo commons |
i'm confused as on my system /sbin/init is a link can a link be infected? _________________ . . . the machines are clean and the machines are not corrupted - lee "scratch" perry |
||||||
|
|||||||
|
|||||||
|
8-bit
Joined: 03 Apr 2007 Posts: 3425 Location: Oregon |
When I ran the check root programs, it displayed a number of warnings on files. I do believe there were there because of Puppy's use of system links and scripts used to call some executables. Since it is looking for an executable and finds a link or a script, it kicks back a warning. Does that make sense? |
||||||
|
|||||||
|
|||||||
Pizzasgood
 Joined: 04 May 2005 Posts: 6266 Location: Knoxville, TN, USA |
They are false alarms. Chkroot doesn't like busybox, which is what we use to provide several of the core utilities. http://www.murga-linux.com/puppy/viewtopic.php?p=359171#359171
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib  |
||||||
|
|||||||
|
|||||||
chkrootkit says Stardust /sbin/init INFECTED with Suckit
| Page 1 of 2 [20 Posts] | Goto page: 1, 2 Next |
|
|
View previous topic :: View next topic |
|
Forum index » Off-Topic Area » Security |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group