Rootkits, or not…

I’ve just spent about an hour checking on the internet after chkrootkit on my workstation flagged up a couple of supposedly hidden processes. Not exactly panicking, but more a case of trying to work out what it’s found.

The first thing that I came across was a site that said that there is “no malware for Linux”. Ignoring that one, I then found references to rkhunter. I’d spotted the Debian package before, but never really played with it. So with a quick “apt-get install”, I was able to run it. And it found something…

Turns out, though, that there was a bug (#576680) listed with Debian. I then used this workaround, which basically says “do what it says in the README.Debian file distributed with the package”, and all is now happy. Even better – I’ve now had a chance to have a look at both chkrootkit and rkhunter a bit more than I had before.