chkrootkit warning!?!?
Will Backman
whb at ceimaine.org
Wed Apr 14 18:19:15 UTC 2004
On Wed, 2004-04-14 at 13:46, t l wrote:
> While waiting for 56 updates to download, I installed and ran "chkrootkit-0.43" from www.chkrootkit.org. (I was impressed by the reports of intrusions/breaks at Stanford Solaris/Linux systems.
>
> Running it produces the following warning:
>
> ...
> Checking `lkm'... You have 7 process hidden for readdir command
> You have 7 process hidden for ps command
> Warning: Possible LKM Trojan installed
> ...
>
> I was running this on kernel-2.6.5-1.319 (update to 322 in progress), with "setenforce 0".
>
> Anything I should be concerned about?
> --
Checking `bindshell'... not infected
Checking `lkm'... You have 18 process hidden for readdir command
You have 18 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
[root at cei3440 chkrootkit-0.43]# uname -a
Linux cei3440 2.6.5-1.319 #1 Mon Apr 12 08:20:07 EDT 2004 i686 i686 i386
GNU/Linux
I guess I am getting this too.
--
Will Backman <whb at ceimaine.org>
Coastal Enterprises, Inc.
More information about the fedora-test-list
mailing list