I just did a re-install of "upstart", then ran chkrootkit and bingo, it flags sbin/init as infected with the suckit rootkit. Is it really infected? A false positive. Or is the newly installed 'upstart" package installing a new infected init file, or infecting the existing init file? The md5 of the newly infected file is: 9fc881364679290346cda8236563025e same as last infection.
I would appear that by updating the Ubuntu package "*upstart*", the file /sbin/init becomes infected or is replaced with an infected version. Hope this helps. U.Betcha On 11/18/2010 09:57 AM, U.Betcha wrote: > UPSTART: event-based init daemon > > *upstart *is a replacement for the /sbin/init daemon which handles > starting of tasks and services during boot, stopping them during > shutdown and supervising them while the system is running. > > My machine has Ubuntu _upstart_ version 0.6.5-7, installed. My updates > are served from the Ubuntu Main server. > > > On 11/18/2010 04:10 AM, Kees Cook wrote: > >> MintUpdate is not part of the Ubuntu archives. Can you isolate the >> specific package URL that you downloaded that chkrootkit is flagging? >> >> ** Visibility changed to: Public >> >> ** Changed in: upstart (Ubuntu) >> Status: New => Incomplete >> >> >> > -- ubuntu 10.04 /sbin/init infected by update (suckit) https://bugs.launchpad.net/bugs/676376 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
