
I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux but my recent encounter leads me to believe otherwise.

I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this from running sudo chkrootkit:

Checking `tcpd'...                                          INFECTED

So what do you suggest to make sure my system is secure in the Linux environment? Should I just install antivirus software of my choice, or is there a better option (or options) in Linux? I would be willing to learn some programs rather than just taking the antivirus software route that does everything for you.


It appears that this is a common false positive.

In this Ubuntu Forums post [1], user kpatz tested this in a fresh 16.10 VM and chkrootkit still complained, making this a false positive. You can always check whether a file has been tampered with by comparing the md5sum from the package:

$ dpkg -S /usr/sbin/tcpd
tcpd: /usr/sbin/tcpd
$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
usr/sbin/safe_finger: OK
usr/sbin/tcpd: OK
usr/sbin/tcpdchk: OK
usr/sbin/tcpdmatch: OK
usr/sbin/try-from: OK
usr/share/man/man8/safe_finger.8.gz: OK
usr/share/man/man8/tcpd.8.gz: OK
usr/share/man/man8/tcpdchk.8.gz: OK
usr/share/man/man8/tcpdmatch.8.gz: OK
usr/share/man/man8/try-from.8.gz: OK

Of course, the md5sums file itself may be tampered with (and so could `md5sum` itself, and so on...).

[1]: https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235


There may be a slight difference: in 18.04, instances of tcpd above will be replaced with tcpdump.

Sergiy Kolodyazhnyy
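The check the answer describes (run `md5sum -c` against the package's `/var/lib/dpkg/info/<pkg>.md5sums` file from `/`) can be reproduced without trusting the system's `md5sum` binary. The following is an added example, not code from the answer or from dpkg: it parses the dpkg `.md5sums` format itself and verifies files under a given root, reporting OK, FAILED or MISSING per file. The fixture in `demo()` is constructed (a fake root with tcpd-like files, one modified after the manifest was written), and the manifest is still assumed trustworthy, which is exactly the caveat the answer raises.

```python
"""Verify files against a dpkg-style .md5sums manifest (added example)."""
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg's .md5sums format: '<32 hex md5>  <path relative to />' per line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, relpath = line.partition("  ")
        if len(digest) != 32 or not relpath:
            raise ValueError("malformed md5sums line: %r" % line)
        entries.append((digest.lower(), relpath))
    return entries


def verify_md5sums(root, text):
    """Return {relpath: 'OK' | 'FAILED' | 'MISSING'}, like 'cd root; md5sum -c'."""
    results = {}
    for digest, relpath in parse_md5sums(text):
        path = os.path.join(root, relpath)
        if not os.path.isfile(path):
            results[relpath] = "MISSING"
            continue
        h = hashlib.md5()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        results[relpath] = "OK" if h.hexdigest() == digest else "FAILED"
    return results


def demo():
    """Constructed fixture: fake root, tcpd-like files, one modified, one missing."""
    root = tempfile.mkdtemp()
    files = {"usr/sbin/tcpd": b"original tcpd\n", "usr/sbin/tcpdchk": b"original tcpdchk\n"}
    lines = []
    for relpath, data in files.items():
        full = os.path.join(root, relpath)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        lines.append(hashlib.md5(data).hexdigest() + "  " + relpath)
    # Manifest entry for a file that was never installed under this root (md5 of empty data).
    lines.append("d41d8cd98f00b204e9800998ecf8427e  usr/sbin/try-from")
    manifest = "\n".join(lines) + "\n"
    with open(os.path.join(root, "usr/sbin/tcpd"), "ab") as f:
        f.write(b"# modified after the manifest was recorded\n")
    return verify_md5sums(root, manifest)
```

Running `demo()` reports `usr/sbin/tcpd: FAILED`, `usr/sbin/tcpdchk: OK` and `usr/sbin/try-from: MISSING`; on a real system, point `verify_md5sums` at `/` with the contents of the package's `.md5sums` file.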