FYI, just to be explicit, here is the patch which has been applied in Fedora (I would suggest the same should be done here unless someone has a better idea):
diff -ru chkrootkit-0.50-orig/chkrootkit chkrootkit-0.50/chkrootkit
--- chkrootkit-0.50-orig/chkrootkit 2014-05-21 12:28:56.000000000 +0100
+++ chkrootkit-0.50/chkrootkit 2014-10-03 16:06:48.000000000 +0100
@@ -989,7 +989,14 @@
 if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} 'HOME=' || \
 cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
 then
- echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ #echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ # ignore false positive (bugzilla #636231)
+ readlink -f ${ROOTDIR}sbin/init|${egrep} -q /systemd$
+ if [ $? -eq 0 ]; then
+ if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+ else
+ echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ fi
 else
 if [ -d ${ROOTDIR}/dev/.golf ]; then
 echo "Warning: Suspect directory ${ROOTDIR}dev/.golf"
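Review bot: The `/systemd$` test on the added `readlink -f` line accepts any resolved path whose last component is `systemd`, so the INFECTED warning is silenced wherever init points, not only when it is the distribution's own systemd binary. Because the new branch sits under the whole condition, it also discards a hit from the `/proc/1/maps` check, which the false-positive comment does not mention. I would compare against the expected full path with the expansion quoted, for example `if [ "$(readlink -f "${ROOTDIR}sbin/init")" = "${ROOTDIR}usr/lib/systemd/systemd" ]; then` (adjust to the distribution's actual location; ROOTDIR appears to carry a trailing slash here), and extend the comment to `# systemd's binary contains HOME=; suppress only when init resolves to the packaged systemd`. `readlink` is also invoked by bare name while the neighbouring lines go through `${strings}` and `${egrep}`, which presumably select vetted binaries, so the same indirection would be consistent. The enclosing if/else continues outside the hunk.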
FYI, just to be explicit, here is the patch which has been applied in Fedora (I would suggest the same should be done here unless someone has a better idea):
diff -ru chkrootkit- 0.50-orig/ chkrootkit chkrootkit- 0.50/chkrootkit 0.50-orig/ chkrootkit 2014-05-21 12:28:56.000000000 +0100 0.50/chkrootkit 2014-10-03 16:06:48.000000000 +0100 /proc/1/ maps | ${egrep} "init." ) >/dev/null 2>&1 sbin/init| ${egrep} -q /systemd$ /dev/.golf ]; then dev/.golf"
--- chkrootkit-
+++ chkrootkit-
@@ -989,7 +989,14 @@
if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} 'HOME=' || \
cat ${ROOTDIR}
then
- echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ #echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ # ignore false positive (bugzilla #636231)
+ readlink -f ${ROOTDIR}
+ if [ $? -eq 0 ]; then
+ if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+ else
+ echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+ fi
else
if [ -d ${ROOTDIR}
echo "Warning: Suspect directory ${ROOTDIR}