Date: Sun, 24 Dec 2006 02:22:39 +0100 From: "Julian H. Stacey" <jhs@flat.berklix.net> To: Ivan Voras <ivoras@fer.hr> Cc: freebsd-stable@freebsd.org Subject: Re: chkrootkit finds 94 process hidden for readdir Message-ID: <200612240122.kBO1MdIf082773@fire.jhs.private> In-Reply-To: <emkel7$hhe$1@sea.gmane.org> References: <7cf39bb60612231257p1a8a62c3g43a9da939306a59e@mail.gmail.com> <emkel7$hhe$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Ivan Voras wrote: > Matthew Herzog wrote: > > > I ran chkrootkit yesterday and saw this: > > Checking `lkm'... You have 94 process hidden for readdir command > > chkproc: Warning: Possible LKM Trojan installed > > Does LKM stand for "Linux Kernel Module"? If so, no wonder the check has > gone lala :) No. Per /usr/ports/security/chkrootkit/work/chkrootkit-0.46a/README: Loadable Kernel Modules (LKM) trojan checking Havent tried it myself. -- Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com Mail Ascii, not HTML. Ihr Rauch = mein allergischer Kopfschmerz. http://berklix.org/free-software
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612240122.kBO1MdIf082773>