[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: chkrootkit warning!?!?

From: Will Backman <whb ceimaine org>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: chkrootkit warning!?!?
Date: Wed, 14 Apr 2004 14:19:15 -0400

On Wed, 2004-04-14 at 13:46, t l wrote:
> While waiting for 56 updates to download, I installed and ran "chkrootkit-0.43" from www.chkrootkit.org.  (I was impressed by the reports of intrusions/breaks at Stanford Solaris/Linux systems.
> 
> Running it produces the following warning:
> 
>     ...
>     Checking `lkm'... You have     7 process hidden for readdir command
>     You have     7 process hidden for ps command
>     Warning: Possible LKM Trojan installed
>     ...
> 
> I was running this on kernel-2.6.5-1.319 (update to 322 in progress), with "setenforce 0".
> 
> Anything I should be concerned about?
> -- 
Checking `bindshell'... not infected
Checking `lkm'... You have    18 process hidden for readdir command
You have    18 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found

[root cei3440 chkrootkit-0.43]# uname -a
Linux cei3440 2.6.5-1.319 #1 Mon Apr 12 08:20:07 EDT 2004 i686 i686 i386
GNU/Linux

I guess I am getting this too.


-- 
Will Backman <whb ceimaine org>
Coastal Enterprises, Inc.

References:
- chkrootkit warning!?!?
  - From: t l

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]