chkrootkit warning!?!?
Michael Schwendt
ms-nospam-0306 at arcor.de
Wed Apr 14 18:39:51 UTC 2004
On Wed, 14 Apr 2004 09:46:16 -0800, t l wrote:
> While waiting for 56 updates to download, I installed and ran "chkrootkit-0.43" from www.chkrootkit.org. (I was impressed by the reports of intrusions/breaks at Stanford Solaris/Linux systems.)
>
> Running it produces the following warning:
>
> ...
> Checking `lkm'... You have 7 process hidden for readdir command
> You have 7 process hidden for ps command
> Warning: Possible LKM Trojan installed
> ...
>
> I was running this on kernel-2.6.5-1.319 (update to 322 in progress), with "setenforce 0".
>
> Anything I should be concerned about?

No. I have asked about this before (should be in the list archives).
There are several processes which are not found by 'ps' and are not
listed in /proc/$PID either. Various options to 'ps' (e.g. -m for threads)
don't help. I haven't pursued this further.