Re: Chkrootkit - true/false ?

To: David Ross <david@zdata.co.za>
Cc: debian-isp <debian-isp@lists.debian.org>
Subject: Re: Chkrootkit - true/false ?
From: August MacBeth <August@HiPDesign.com>
Date: Fri, 21 May 2004 10:55:16 -0700
Message-id: <[🔎] 40AE4284.1040707@HiPDesign.com>
In-reply-to: <[🔎] 05C8155485DB894FAEDD9249BCE5A51E0E7477@Exch2003.mrdb.local>
References: <[🔎] 05C8155485DB894FAEDD9249BCE5A51E0E7477@Exch2003.mrdb.local>

yeah. i think there are some bug reports on chkrootkit / woody. if yourun it again right after, you shouldn't get the message again. (ipersonally prefer rkhunter) :)


http://tinyurl.com/3fddn

~august

David Ross wrote:

Hi

I have rkhunter and chkrootkit running in a cron job every morning and
every now and again I get chkrootkit results like this:

Checking `lkm'... You have     3 process hidden for ps command
Warning: Possible LKM Trojan installed

And sometimes this:

Checking `lkm'... You have     3 process hidden for readdir command
You have     3 process hidden for ps command
Warning: Possible LKM Trojan installed

Sometimes chkrootkit returns nothing detected and every time rkhunter
tells me nothing is wrong. Is this a false positive with chkrootkit and
debian woody?

Dave

Reply to:

References:
- Chkrootkit - true/false ?
  - From: "David Ross" <david@zdata.co.za>

Prev by Date: Re: multiple IP addresses cause ZONE TRANSFER to fail.
Next by Date: Re: Chkrootkit - true/false ?
Previous by thread: Chkrootkit - true/false ?
Next by thread: Re: Chkrootkit - true/false ?
Index(es):
- Date
- Thread