When running a security check with an Intrusion Detection software named 'chkrootkit' Fedora 27 - Xfce Desktop Environment I get these results: Checking `sniffer'... enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient) It looks like my system (dhclient: 3976)has been attacked by network sniffers. I also found suspicious files and directories in /usr/lib/.build-id. How do I remove network sniffers from dhclient(3976)?
dhclient is the DHCP client, which needs a raw socket to work, so this is a false positive. If you are paranoid you could check that the dhclient binary was not altered by verifying the package with: rpm -V dhcp-client