Chkrootkit shows 'chsh is INFECTED' on Rocky Linux 9

Hello. While using Rocky Linux 9, the chkrootkit test shows ‘chsh is INFECTED’. Is there a solution in this case? ‘chsh’ was installed with ‘dnf install util-linux-user’, version 2.37.4.

Only basic Linux settings are in place before the real service.

The chkrootkit I am using is https://launchpad.net/chkrootkit/main/0.55/+download/chkrootkit-0.55.tar.gz

This does not happen with Rocky Linux 8 and util-linux-user version 2.32.1.

Most likely a false positive. chkrootkit is VERY crude in its check methods.

Run it with the -d flag and find out why it thinks that it is infected. E.g.:
sudo chkrootkit -d chsh

I personally prefer running rpm -Va from time to time. This reliably lists any changed binaries (regardless of whether there’s a rootkit or something else).

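An added example, not part of the original thread or of either poster's words: a filter for `rpm -Va` style output that keeps only non-config files whose digest changed or that are missing, optionally limited to one path such as /usr/bin/chsh. The function names and the sample lines are constructed for illustration; the sample paths are not from a real host.

```shell
#!/bin/sh
# Added example: reduce `rpm -Va` style output to changed or missing
# non-config files, optionally restricted to one path.

# suspicious_changes [PATH]   (hypothetical helper name)
# Reads verify lines on stdin, prints "REASON PATH" for each hit.
suspicious_changes() {
    awk -v want="${1:-}" '
    {
        flags = $1
        # Optional one-letter marker: c=config d=doc g=ghost l=license r=readme
        if (NF >= 3 && $2 ~ /^[cdglr]$/) { attr = $2; path = $3 }
        else                             { attr = "";  path = $2 }
        if (want != "" && path != want) next
        if (attr != "") next               # edited configs/docs are expected
        if (flags == "missing")         { print "missing " path; next }
        # Third flag character is the file digest test: 5 = differs
        if (substr(flags, 3, 1) == "5") { print "digest " path; next }
        # ? = the digest could not be read (e.g. insufficient permission)
        if (substr(flags, 3, 1) == "?") { print "unreadable " path }
    }'
}

# Constructed sample output, labelled as such (not captured from a host).
sample_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib/systemd/system/example.service
..5....T.    /usr/bin/chsh
missing     /usr/share/example/data.bin
.M.......  g /run/example
EOF
}

# Demo on the constructed sample; on a live system use:
#   sudo rpm -Va | suspicious_changes /usr/bin/chsh
sample_output | suspicious_changes
```

An empty result for /usr/bin/chsh means the installed file still matches the digest recorded in the RPM database, which supports the false-positive reading.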