When running a security check with intrusion detection software named 'chkrootkit' on Fedora 27 - Xfce Desktop Environment, I get these results:
Checking `sniffer'... enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)
It looks like my system (dhclient: 3976) has been attacked by network sniffers. I also found suspicious files and directories in /usr/lib/.build-id.
How do I remove network sniffers from dhclient(3976)?
Comment 1 Beniamino Galvani
2018-05-21 08:08:49 UTC
dhclient is the DHCP client, which needs a raw socket to work, so this is a false positive. If you are paranoid you could check that the dhclient binary was not altered by verifying the package with:
rpm -V dhcp-client
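The check from Comment 1 as a script, added here as an example (not code from this bug report or from chkrootkit): it extracts the binaries named in a chkrootkit PF_PACKET line, looks up the owning RPM package and runs rpm -V on it. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a chkrootkit "sniffer" finding with the RPM database.

# Interface named in a line such as
#   enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)
sniffer_interface() {
    printf '%s\n' "$1" |
        sed -n 's/^\(.*[[:space:]]\)*\([^:[:space:]]*\):[[:space:]]*PF_PACKET(.*/\2/p'
}

# Distinct absolute binary paths listed inside PF_PACKET(...), one per line.
sniffer_binaries() {
    printf '%s\n' "$1" |
        sed -n 's/.*PF_PACKET(\(.*\)).*/\1/p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep '^/' |
        sort -u
}

# Returns 0 = owning package verifies clean, 1 = rpm -V reported differences,
# 2 = file not owned by any package, 3 = rpm not installed.
verify_binary() {
    vb_bin=$1
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 3; }
    if ! vb_pkg=$(rpm -qf --qf '%{NAME}\n' "$vb_bin" 2>/dev/null); then
        echo "$vb_bin: not owned by any package"
        return 2
    fi
    vb_pkg=$(printf '%s\n' "$vb_pkg" | head -n 1)  # first owner if several
    if rpm -V "$vb_pkg"; then
        echo "$vb_bin: package $vb_pkg verifies clean"
    else
        echo "$vb_bin: rpm -V $vb_pkg reported the differences above"
        return 1
    fi
}

# Usage: ./triage.sh 'enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)'
if [ "$#" -gt 0 ]; then
    for line in "$@"; do
        echo "interface: $(sniffer_interface "$line")"
        sniffer_binaries "$line" | while IFS= read -r bin; do
            verify_binary "$bin" || true
        done
    done
fi
```

rpm -V checks every file in the package, so when it reports differences, look for the flagged binary's own path in the output before drawing conclusions.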