chkrootkit and rkhunter

(abc) #1

I’ve downloaded Parrot Security OS from the official website as an OVA to put in VirtualBox. As with any pentesting OS, I used chkrootkit and rkhunter to see if everything is fine; this is what I encountered.

The rkhunter log also didn’t have anything in it. I don’t know if it’s a false positive.

(Matt) #2

You can check the rkhunter log but they are most likely false positives.

(dmknght) #3

It shows the DHCP client is a packet sniffer -> it is having a false positive. Then it shows a rootkit -> possibly another false positive.


Chkrootkit and rkhunter are tools that are utterly useless unless they’re specifically configured and one understands how to read the output. Never have I heard of either tool stumbling on something that wasn’t obvious, if anything at all.
At any rate, running those from inside the VM is pointless anyway, because if it was infected you couldn’t trust the output. If you verify the checksum, that pretty much tells you that you have what you downloaded. Of course, it’s also only the host operating system that we really care about.

(dmknght) #5

Totally agree with this point. You see, I don’t think rkhunter and chkrootkit are updated + there are so many rootkits / malware nowadays. If you created an infected system, you would never let the user find it out easily like that.