Description of problem:
The output of msec weekly on my Mageia 2 system (fully updated) signals

Chkrootkit check: failed

and, amongst other messages, farther down

Searching for Suckit rootkit... Warning: /sbin/init INFECTED

That sounds quite alarming - but, in Red Hat, it is considered a "false positive": a corresponding bug has existed in Red Hat since December 2010, https://bugzilla.redhat.com/show_bug.cgi?id=636231 - not resolved, but the ticket has been quite active.

If this bug cannot be fixed with a reasonable effort, Mageia should at least disable the corresponding test in chkrootkit in order to keep the output of msec meaningful.

Version-Release number of selected component (if applicable): chkrootkit-0.49-5.mga1.src.rpm

How reproducible: 100 %

Steps to Reproduce:
1. Run msec weekly (unless a weekly report exists already)
2. In the output, search for SUCKIT
3.

See Also: (none) => https://bugzilla.redhat.com/show_bug.cgi?id=636231
Source RPM: chkrootkit-0.49-5.mga1.src.rpm => chkrootkit-0.49-5.mga1.src.rpm,systemd
CC: (none) => javier_diaz
Keywords: (none) => Triaged
CC: (none) => ennael1, stormi
Source RPM: chkrootkit-0.49-5.mga1.src.rpm,systemd => chkrootkit-0.49-5.mga1.src.rpm
QA Contact: (none) => security
Created attachment 4348
Patch to remove check for the string HOME in /sbin/init.
CC: (none) => davidwhodgins
Keywords: (none) => Junior_job, PATCH
Created attachment 4349
Patch to remove check for string HOME in /sbin/init

Fixing a typo in the comment
Attachment 4348 is obsolete: 0 => 1
Fixed in Cauldron in chkrootkit-0.49-7.mga4. Technically it wouldn't be appropriate to backport this to Mageia 2, since sysvinit is still supported there. It could be backported to Mageia 3.
Version: 2 => 3
Ping. Can someone fix this for Mageia 3?
Depends on: (none) => 13481
Fixed by the update in Bug 13481: http://advisories.mageia.org/MGASA-2014-0249.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED