Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: Possible rootkits in my system (Read 1717 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Possible rootkits in my system

Whilst I had htop running I saw what looked like a suspicious user called something like "rootkt" or something similar to that.  Anyway, I had not seen it again but I then installed rkhunter and performed a scan of my system which provided the following result:
Code: [Select]
[22:04:40] System checks summary
[22:04:40] =====================
[22:04:41]
[22:04:41] File properties checks...
[22:04:41] Required commands check failed
[22:04:41] Files checked: 125
[22:04:41] Suspect files: 4
[22:04:41]
[22:04:41] Rootkit checks...
[22:04:41] Rootkits checked : 502
[22:04:41] Possible rootkits: 8
[22:04:41] Rootkit names    : Sniffer component, Spam tool component
[22:04:41]
[22:04:41] Applications checks...
[22:04:41] All checks skipped
[22:04:41]
[22:04:41] The system checks took: 5 minutes and 3 seconds
[22:04:41]
[22:04:41] Info: End date is Thu 17 Oct 22:04:41 BST 2019

I'm a bit worried about the possible rootkits it claims are on my system.  During the scan it checked for all known rootkits in its database and none were found.

If there are rootkits on my system, then it is more than likely they came from packages I installed from AUR, but is likely that they could have come from Artix or Arch databases?

Re: Possible rootkits in my system

Reply #1
rkhunter gives a log of what files it thinks are suspicious right? You should be able to look at those files and see if you know where they came from.


 

Re: Possible rootkits in my system

Reply #3
Are the suspicious files libkeyutils.so.1.9 residing inside your libs directories? This is a known false positive and you may ignore it. I'm getting the same here.

Yes.

After looking in to the suspicious files rkhunter highlighted I've already come to the conclusion that rkhunter is throwing up false positives.