Rootkit

Used chkrootkit and got a big list of “not founds” so make sure to use the -q flag.

The following suspicious files and directories were found:
/usr/lib/ruby/gems/3.0.0/gems/minitest-5.14.2/.autotest
/usr/lib/ruby/gems/3.0.0/gems/power_assert-1.2.0/.travis.yml
/usr/lib/ruby/gems/3.0.0/gems/rbs-1.0.4/.rubocop.yml
/usr/lib/ruby/vendor_ruby/rubygems/tsort/.document
/usr/lib/ruby/vendor_ruby/rubygems/optparse/.document

Here’s the bash script to dispode of them:

#!/bin/bash
LIST=($@) # FILE1 FILE2 ...

function SWAP() {
    local TARGET=$1;
    sudo rm $TARGET -r
    sudo touch $TARGET
    echo "Swapped $TARGET"
}

for ITEM in "${LIST[@]}"; do
	SWAP $ITEM;
done;