On Thu, Jun 07, 2012 at 03:16:09PM +0000, Beartooth wrote:
>
> One tells me, on several machines, that /sbin/init is infected
> with the Suckit rootkit; the other says not. Is there a way to tell
> whether I'm seeing a false positive or a false negative?
>
> Fwiw, this result occurs both on an F16 machine, and on an f17
> one with a fresh install. (Both are fully updated.)
If you do an 'rpm -V systemd' and you don't see any result for
/sbin/init or /lib/systemd/systemd, my bet would be false positive.
-V means verify: compares the checksums of the files belonging to that
package with what's registered in the RPM database, and alerts for
changes ("5" in the output IIRC).
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
