Re: LKM?

To: debian-user@lists.debian.org
Subject: Re: LKM?
From: Richard Kimber <rkimber@ntlworld.com>
Date: Fri, 28 Nov 2003 18:02:26 +0000
Message-id: <[🔎] 20031128180226.73a4696a.rkimber@ntlworld.com>
In-reply-to: <[🔎] 20031128170010.GA8503@test>
References: <[🔎] 20031128170010.GA8503@test>

On Fri, 28 Nov 2003 11:00:10 -0600
"Kevin C. Smith" <smithkevinc@mchsi.com> wrote:

> Running Debian Sid.
> 
> chkrootkit-0.42b reports:
> 
> Checking `lkm'... You have     4 process hidden for ps command
> Warning: Possible LKM Trojan installed
> 
> There are four PID which report as '0' 
> 
> lappy:~$ ps ax
>   PID TTY      STAT   TIME COMMAND
>     1 ?        S      0:04 init [2]
>     2 ?        SW     0:00 [keventd]
>     3 ?        SW     0:00 [kapmd]
>     0 ?        SWN    0:00 [ksoftirqd_CPU0]
>     0 ?        SW     0:00 [kswapd]
>     0 ?        SW     0:00 [bdflush]
>     0 ?        SW     0:00 [kupdated]
> 
> /proc/ shows the following processes: 4, 5, 6, and 7 which appear to be
> the ones showing up as '0'.

No. It's not a compromise.  It's just a bug.

- Richard.
-- 
Richard Kimber
http://www.psr.keele.ac.uk/

Reply to:

References:
- LKM?
  - From: "Kevin C. Smith" <smithkevinc@mchsi.com>

Prev by Date: Re: LKM?
Next by Date: Re: [Frox-user] can't comple frox (FTP Proxy) from scrath.. HELP
Previous by thread: Re: LKM?
Next by thread: Package problems on stable
Index(es):
- Date
- Thread