Test with Chkrootkit
Geoffrey Leach
geoff at direcway.com
Mon Jul 26 20:15:53 UTC 2004
On 07.25 18:43, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 20:57, John Dangler wrote:
> > [snip]
> >
> > >There is a known problem with some versions of chkrootkit on
> Fedora. It
> > >wrongly identifies a number of processes as hidden.
> >
> > That's why I just installed the latest version before making the
> comment.
> >
> > >The original poster reported that the latest version from the
> chkrootkit
> > >site no longer has this problem.
> >
> > If the "latest version" is .43, and the kernel is the latest 2.6.6,
> then it
> > still has the problem.
>
> The original poster was reporting that ls was infected along with
> hidden
> processes.
>
> I thought he had indicated that a newer version resolved all the
> issues
> but maybe it just resolves the ls issue. Plus I believe he pulled
> the
> sources for chkrootkit from the web site not the RPM that is
> available.
>
> The hidden process problem may not be fixed and from reading some
> additional postings on the subject it may not be fixable. Seems
> there
> may be a race condition in chkrootkit looking for hidden processes.
It appears that the problem is related to the version of procps. I
think that a new version of chkrootkit should be forthcoming shortly.
More information about the fedora-list
mailing list