Unexpected chkrootkit output - detects its own session?
I have run chkrootkit on this machine and it gives:
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! user xxxx pts/0 bash
! user xxxx pts/0 sudo chkrootkit
! root xxxx pts/0 /bin/sh /usr/sbin/chkrootkit
! root xxxx pts/0 ./chkutmp
! root xxxx pts/0 ps axk tty,ruser,args -o tty,pid,ruser,args
! root xxxx pts/0 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
I'm a numpty in these matters, but it appears to me that chkrookit is just failing to find the record of its own current session processes in utmp.
Is this right, and is it normal? I don't see it on my straight ubuntu/unity machine.
(I don't have any special security concerns on this machine - I'm just playing/learning linux tools)
Last edited by maglinu; October 13th, 2012 at 12:55 PM.
Re: Unexpected chkrootkit output - detects its own session?
Just tried chkrootkit on my xubuntu livecd - with similar results. It appears this actually is a difference between ubuntu and xubuntu behaviour.