我chkrootkit最近使用过,结果如下:
/usr/lib/pymodules/python2.7/.path
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
/usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo
/usr/lib/jvm/.java-8-oracle.jinfo
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.core.runtime.compatibility.registry_3.5.100.v20120521-2346/.api_description
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/.settings
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.lock
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.data
/usr/lib/jvm/java-8-oracle/lib/visualvm/platform/.lastModified
/usr/lib/jvm/java-8-oracle/lib/visualvm/profiler/.lastModified
/usr/lib/jvm/java-8-oracle/lib/visualvm/visualvm/.lastModified
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/.settings
/usr/lib/jvm/java-8-oracle/lib/missioncontrol/p2/org.eclipse.equinox.p2.engine/profileRegistry/JMC.profile/.data
并且:
Searching for Suckit rootkit...
Warning: /sbin/init INFECTED
答案1
chkrootkit没有对带有“Suckit rootkit”的附加文件进行全面检查,因此这几乎肯定是误报。
我建议使用的一个工具叫做rkhunter,这是因为它确实对 Suckit Rootkit 进行了额外的文件检查,因此不会犯同样的错误。
您可以使用以下命令安装 rkhunter:
sudo apt-get install rkhunter
阅读此内容以获取有关检测 Suckit Rootkit 在系统中的存在的更多信息chkrootkit,而实际上它并不存在于系统中:https://askubuntu.com/a/25179/364819