chkrootkit - pyllyukko/harden.yml GitHub Wiki
Some false positives are documented below.
Suspicious files and directories
/usr/lib/libreoffice/share/.registry
Installed from libreoffice-common.
/usr/lib/jvm/.java-1.17.0-openjdk-armhf.jinfo
Installed from openjdk-17-jre-headless.
.lgd-nfy0
Created by pinout (at least). See "Consider different/configurable name and location for .lgd-nfyx pipes" and "Write .lgd-nfy file to tmp?".
/usr/lib/python3/dist-packages/matplotlib/...
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.{eslintrc.js,prettier{rc,ignore}}
/usr/lib/python3/dist-packages/matplotlib/tests/{tinypages/{.gitignore,_static/.gitignore},baseline_images/.keep}
Installed from python3-matplotlib.
/usr/lib/python3/dist-packages/numpy/...
/usr/lib/python3/dist-packages/numpy/{core/include/numpy/.doxyfile,f2py/tests/src/{f2cmap/.f2py_f2cmap,assumed_shape/.f2py_f2cmap}}
Installed from python3-numpy.
/usr/lib/debug/.build-id
Installed from libc6-dbg.
/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/...
/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.{gitignore,vscodeignore,vscode}
Installed from libruby3.1.
/usr/lib/ruby/vendor_ruby/rubygems/...
/usr/lib/ruby/vendor_ruby/rubygems/{optparse/.document,ssl_certs/.document,tsort/.document}
Installed from ruby-rubygems.
/usr/lib/pypy/lib_pypy/ctypes_config_cache/.empty
Installed from pypy-lib.
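One way to check the "Installed from" claims above on your own host, as an added example that is not part of the wiki or of harden.yml: it asks dpkg which package ships each flagged path and separates packaged paths from ones no package owns, such as the runtime-created .lgd-nfy0 pipe. It assumes a Debian-based system with dpkg-query; the names triage, dpkg_owner and OWNER_LOOKUP are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): triage dot-file paths flagged by chkrootkit
# by asking dpkg which package, if any, ships each one.
# Assumes a Debian-based host; triage, dpkg_owner and OWNER_LOOKUP are
# hypothetical names chosen for this example.

# Print the package(s) whose file list contains the exact path, or nothing.
dpkg_owner() {
    # dpkg-query -S prints "pkg[, pkg...]: /path"; keep the part before ": /".
    dpkg-query -S "$1" 2>/dev/null |
        sed -n '/^diversion /d; s/: \/.*//p' | head -n 1
}

# Lookup command used by triage; override it to test without dpkg.
: "${OWNER_LOOKUP:=dpkg_owner}"

# Read one path per line on stdin; print "<verdict> TAB <package> TAB <path>".
triage() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case $path in
            /*) ;;
            *)  # A bare name such as .lgd-nfy0 would be a substring search
                # in dpkg-query -S, so ask for the full path instead.
                printf 'needs-full-path\t-\t%s\n' "$path"
                continue ;;
        esac
        owner=$("$OWNER_LOOKUP" "$path") || owner=""
        if [ -n "$owner" ]; then
            printf 'packaged\t%s\t%s\n' "$owner" "$path"
        else
            # Not in any package file list: created at runtime or dropped by hand.
            printf 'unowned\t-\t%s\n' "$path"
        fi
    done
}

# Usage: sh triage.sh /usr/lib/debug/.build-id .lgd-nfy0 ...
if [ "$#" -gt 0 ]; then
    printf '%s\n' "$@" | triage
fi
```

A "packaged" verdict only shows the path is in a package's file list; `dpkg --verify <package>` additionally compares the installed files against the checksums recorded for that package.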