Cyborg

  1. Bug #454566
  2. Comment #8

Comment 8 for bug 454566

Revision history for this message
Alex Muntada (alex.muntada) wrote :

I don't think that chkrootkit alerting about this rootkit is related to upstart init changes, but the output from /proc/1/maps instead. Something like this should improve the test:

expertmode_output "${egrep} '^[^/]+${ROOTDIR}sbin/init.' ${ROOTDIR}proc/1/maps"

What do you think?