Test with Chkrootkit
Scot L. Harris
webid at cfl.rr.com
Mon Jul 26 01:43:40 UTC 2004
On Sun, 2004-07-25 at 20:57, John Dangler wrote:
> [snip]
>
> >There is a known problem with some versions of chkrootkit on Fedora. It
> >wrongly identifies a number of processes as hidden.
>
> That's why I just installed the latest version before making the comment.
>
> >The original poster reported that the latest version from the chkrootkit
> >site no longer has this problem.
>
> If the "latest version" is .43, and the kernel is the latest 2.6.6, then it
> still has the problem.
The original poster was reporting that ls was infected along with hidden
processes.
I thought he had indicated that a newer version resolved all the issues
but maybe it just resolves the ls issue. Plus I believe he pulled the
sources for chkrootkit from the web site not the RPM that is available.
The hidden process problem may not be fixed and from reading some
additional postings on the subject it may not be fixable. Seems there
may be a race condition in chkrootkit looking for hidden processes.
--
Scot L. Harris
webid at cfl.rr.com
Fortune's Office Door Sign of the Week:
Incorrigible punster -- Do not incorrige.
More information about the users
mailing list