Created March 29, 2022 14:33
chkrootkit 0.55 reports false positive for timed on macOS Mojave 10.14.6 (18G103)
$ sw_vers | grep -E 'ProductVersion|BuildVersion'
ProductVersion: 10.14.6
BuildVersion: 18G103
$ brew install chkrootkit
==> Downloading https://ghcr.io/v2/homebrew/core/chkrootkit/manifests/0.55
Already downloaded: /Users/stefan/Library/Caches/Homebrew/downloads/09b127ebda92fbe220c997e4b03716223b647c1893d08c2f8f35ccac65b71a0a--chkrootkit-0.55.bottle_manifest.json
==> Downloading https://ghcr.io/v2/homebrew/core/chkrootkit/blobs/sha256:dcb47fe
Already downloaded: /Users/stefan/Library/Caches/Homebrew/downloads/a1e9dccaef720633989239dbd3fcb79d4fc7252965ed73e7eb4a2ffe2795a0b4--chkrootkit--0.55.mojave.bottle.tar.gz
==> Pouring chkrootkit--0.55.mojave.bottle.tar.gz
🍺 /usr/local/Cellar/chkrootkit/0.55: 15 files, 170.8KB
$ sudo chkrootkit -r PrimarySystem timed
ROOTDIR is `PrimarySystem/'
Checking `timed'... INFECTED
$ grep GENERIC_ROOTKIT_LABEL $(which chkrootkit) | head -1
GENERIC_ROOTKIT_LABEL="^/bin/.*sh$|bash|elite$|vejeta|\.ark|iroffer"
$ strings /usr/libexec/timed | grep '/bin/sh'
/bin/sh
$ shasum FreshInstall/usr/libexec/timed PrimarySystem/usr/libexec/timed
e7db417511f3589ddb368b85b4596b4f1931e3d4 FreshInstall/usr/libexec/timed
e7db417511f3589ddb368b85b4596b4f1931e3d4 PrimarySystem/usr/libexec/timed
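The session above shows why the hit fires (the literal `/bin/sh` inside `timed` matches `GENERIC_ROOTKIT_LABEL`) and how it was cleared (identical SHA-1 against a fresh install). The following is an added example, not code from the gist or from chkrootkit: it re-creates that signature check with a pure-Python `strings` extractor and the regex quoted above, then applies the same baseline-hash triage so the verdict says "false positive" rather than just "INFECTED". The `FAKE_TIMED` blob is a constructed stand-in for the real binary.

```python
"""Reproduce the chkrootkit 'timed' signature check and triage the hit.

Added example modelled on the two commands shown in the gist
(strings | egrep GENERIC_ROOTKIT_LABEL, then shasum against a clean copy).
It is not chkrootkit's own code.
"""
import hashlib
import re

# Regex copied verbatim from the chkrootkit 0.55 output in the gist.
GENERIC_ROOTKIT_LABEL = re.compile(r"^/bin/.*sh$|bash|elite$|vejeta|\.ark|iroffer")


def strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def signature_hits(data: bytes) -> list[str]:
    """Strings the label matches; chkrootkit reports INFECTED on any hit."""
    return [s for s in strings(data) if GENERIC_ROOTKIT_LABEL.search(s)]


def triage(candidate: bytes, baseline: bytes) -> dict:
    """Signature verdict combined with a SHA-1 comparison to a known-good copy."""
    hits = signature_hits(candidate)
    same = hashlib.sha1(candidate).hexdigest() == hashlib.sha1(baseline).hexdigest()
    if hits and same:
        verdict = "false positive: signature matched but binary is identical to baseline"
    elif hits:
        verdict = "investigate: signature matched and binary differs from baseline"
    elif same:
        verdict = "clean"
    else:
        verdict = "differs from baseline without signature hit: verify by other means"
    return {"hits": hits, "identical_to_baseline": same, "verdict": verdict}


# Constructed stand-in for /usr/libexec/timed: a Mach-O magic prefix plus, like
# the real binary, the literal "/bin/sh" that trips the generic label.
FAKE_TIMED = b"\xcf\xfa\xed\xfe" + b"\x00" * 8 + b"/bin/sh\x00" + b"xpc_main\x00"

if __name__ == "__main__":
    # Running against a baseline that is the same bytes reproduces the gist's outcome.
    print(triage(FAKE_TIMED, FAKE_TIMED))
```

With real files, read both `timed` copies as bytes and pass them to `triage`; the "investigate" branch is the only one where the INFECTED verdict deserves further forensic work.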