chkrootkit - pyllyukko/harden.yml GitHub Wiki

Some chkrootkit false positives are documented below.

Suspicious files and directories

/usr/lib/libreoffice/share/.registry

Installed from libreoffice-common.

/usr/lib/jvm/.java-1.17.0-openjdk-armhf.jinfo

Installed from openjdk-17-jre-headless.

.lgd-nfy0

Created by pinout (at least). See "Consider different/configurable name and location for .lgd-nfyx pipes" and "Write .lgd-nfy file to tmp?".

/usr/lib/python3/dist-packages/matplotlib/...

  • /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.{eslintrc.js,prettier{rc,ignore}}
  • /usr/lib/python3/dist-packages/matplotlib/tests/{tinypages/{.gitignore,_static/.gitignore},baseline_images/.keep}

Installed from python3-matplotlib.

/usr/lib/python3/dist-packages/numpy/...

/usr/lib/python3/dist-packages/numpy/{core/include/numpy/.doxyfile,f2py/tests/src/{f2cmap/.f2py_f2cmap,assumed_shape/.f2py_f2cmap}}

Installed from python3-numpy.

/usr/lib/debug/.build-id

Installed from libc6-dbg.

/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/...

/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.{gitignore,vscodeignore,vscode}

Installed from libruby3.1.

/usr/lib/ruby/vendor_ruby/rubygems/...

/usr/lib/ruby/vendor_ruby/rubygems/{optparse/.document,ssl_certs/.document,tsort/.document}

Installed from ruby-rubygems.

/usr/lib/pypy/lib_pypy/ctypes_config_cache/.empty

Installed from pypy-lib.