detecting rootkits Debian w/ XFCE desktop
When it comes to security, consider myself a newbie.
I'm dual booting Debian and KX Studio (Ubuntu).
I installed an add-on to Firefox that appeared to be mining, so after getting rid of it decided it's time to check the whole system.
I ran chkrootkit and rkhunter on both.
chkrootkit says it found Suckit rootkit had infected the /sbin/init process when I ran it on the KX Studio partition.
Msg:
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
rkhunter found nothing, despite extra checking for Suckit.
No alerts from either program when I scanned the Debian partition.
Is this a false alarm? I would appreciate any insight the forum might offer on this.
Thank you in advance.
Last edited by armchairrambo; 06-20-2019 at 07:23 PM.
|