Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] rkhunter reports xorddos component
Date: Wed, 27 Feb 2019 12:28:25
Message-Id: 1813413.zpEh7hltbW@dell_xps

I noticed this beauty popping up a day ago:

Rootkit checks...
    Rootkits checked : 498
    Possible rootkits: 1
    Rootkit names    : xorddos component

Fair enough, the log reported a suspect file:

Checking for file '/var/run/'         [ Not found ]
Checking for file '/var/run/'         [ Warning ]    <==This one
Checking for file '/var/run/'        [ Not found ]
[snip ...]

Warning: Checking for possible rootkit files and directories [ Warning ]
Found file '/var/run/'. Possible rootkit: xorddos component


I think it is a false positive, because none of the files mentioned in the 
interwebs[1] are seen lurking in my system, but I thought it wiser to check 


The rkhunter report of this xorddos component seems to have arrived with:




Could it be these versions are now launching /run/?  Is a file /run/ present in your system?

In any case, the file merely contains the PID number of 
/lib/systemd/systemd-udevd, rather than an ELF binary, and /etc/init.d/ does 
not contain anything suspicious.  However, with armies generating variants of 
every conceivable malware, I don't know if it pays to be a bit paranoid about this.
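
The check described in this message (does the flagged file hold a PID or an ELF binary?), written out as an added example that is not part of the original post. It assumes a Linux /proc; the function name classify_flagged_file is hypothetical, and the path to pass is whatever the scanner reported.

```shell
#!/bin/sh
# Triage a file that a rootkit scanner flagged by name only.
# Prints one of: missing | elf | pidfile:<comm> | stale-pidfile | other
classify_flagged_file() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }

    # An ELF executable starts with the bytes 7f 45 4c 46 ("\177ELF").
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "7f454c46" ]; then
        echo elf
        return 0
    fi

    # A PID file is tiny; anything larger is not one, whatever it starts with.
    size=$(($(wc -c < "$f")))
    if [ "$size" -gt 16 ]; then
        echo other
        return 0
    fi

    # A PID file holds nothing but a decimal number (plus whitespace).
    content=$(tr -d ' \t\r\n' < "$f")
    case $content in
        ''|*[!0-9]*) echo other; return 0 ;;
    esac

    # Linux-specific: /proc/<pid>/comm names the process that owns the PID,
    # so the operator can compare it with the daemon expected to write it.
    if [ -r "/proc/$content/comm" ]; then
        echo "pidfile:$(cat "/proc/$content/comm")"
    else
        echo stale-pidfile
    fi
}

# Usage: sh triage.sh <path reported by the scanner>
if [ $# -gt 0 ]; then
    classify_flagged_file "$1"
fi
```

A result of `elf` or `other` for a path under /run is what warrants a closer look; `pidfile:<comm>` should name the daemon expected to own that file.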
