On 29/11/24 04:37, Jeffrey Walton wrote:

On Thu, Nov 28, 2024 at 12:25 PM home user via users
<users@lists.fedoraproject.org> wrote:

(f-40, stand-alone workstation, gnome)

A few times in the past couple of months, I've received the following
warning from "chkrootkit":
- - - - - -
bash.1[~]: chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
[snip]
Checking `bindshell'... not infected
Checking `lkm'... You have     1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `rexedcs'... not found
[snip]
Checking `OSX_RSPLUG'... not tested
bash.2[~]:
- - - - - -
Leading and trailing lines are merely context.  "rkhunter" gives no
warnings.

What's going on with that lkm warning?

Do you really need us to google it for you?

I've run chkrootkit and it said there were no issues, but rkhunter has reported two suspect files, being /usr/bin/egrep and /usr/bin/fgrep because it has said they have been replaced by a script, is that standard Fedora?

regards,
Steve