Closing.
See this discussion (the referenced patch was rejected, but I did not dive to understand exactly what it was) as well as the note in the conclusion of this blog post.
On a fresh install of arch i686 chkrootkit reports
checking lkm ... chkproc: nothing detected
-37 /usr/share
-2 /usr/bin
-1 /usr/sbin
-8 /lib
chkdirs: Warning: Possible LKM Trojan installed
This is a minimal testing system (btrfs, systemd, pacman 4, etc...) running in KVM. Meanwhile, on the arch x86_64 host (ext4 root), chkdirs is clean.
According to chkdirs.c, this program simply reports the link count discrepancy, and I suspect it fails because of btrfs... Is there any way to see which files exactly it complains about?
Thanks.
EDIT: Also, in the testing system rkhunter is clean, but I'm not sure if it performs exactly the same checks...
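One way to see which directories are behind the counts, as an added example that is not part of the original thread and is not chkrootkit's code: walk a tree and list every directory whose `st_nlink` differs from 2 plus its number of immediate subdirectories. That convention is an assumption that holds on ext4-style filesystems, while btrfs reports a link count of 1 for directories; the function names and the injectable `get_nlink` parameter are chosen here for illustration.

```python
import os
import sys


def link_discrepancies(root, get_nlink=None):
    """Yield (diff, nlink, subdirs, path) for each directory under root whose
    link count is not 2 + number of immediate subdirectories.

    get_nlink is injectable (hypothetical parameter) so the check can be
    exercised without depending on the filesystem the script runs on.
    """
    get_nlink = get_nlink or (lambda p: os.lstat(p).st_nlink)
    root_dev = os.lstat(root).st_dev
    stack = [root]
    while stack:
        path = stack.pop()
        try:
            # Stay on one filesystem: skips /proc, /sys and other mounts
            # (btrfs subvolumes also report a different st_dev).
            if os.lstat(path).st_dev != root_dev:
                continue
            with os.scandir(path) as entries:
                # Symlinks to directories do not add a ".." link, so skip them.
                children = sorted(
                    e.path for e in entries if e.is_dir(follow_symlinks=False)
                )
            nlink = get_nlink(path)
        except OSError as exc:
            print(f"skip {path}: {exc}", file=sys.stderr)
            continue
        diff = nlink - (2 + len(children))
        if diff:
            yield diff, nlink, len(children), path
        stack.extend(children)


if __name__ == "__main__":
    # Usage: python3 nlink_check.py /usr/share /usr/bin /lib
    for root in sys.argv[1:] or ["."]:
        for diff, nlink, subdirs, path in link_discrepancies(root):
            print(f"{diff:+d}\t{path}\t(st_nlink={nlink}, subdirs={subdirs})")
```

If every directory on the btrfs guest is listed with `st_nlink=1`, the discrepancy comes from how the filesystem reports link counts rather than from hidden entries.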