Re: Chkrootkit - true/false ?
> > Checking `lkm'... You have 3 process hidden for readdir command
> > You have 3 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> >
> > Sometimes chkrootkit returns nothing detected and every time rkhunter
> > tells me nothing is wrong. Is this a false positive with chkrootkit and
> > debian woody?
No. I don't get that error.
What I can note is that one time one of the servers got stuffed up for some
reason (the RAID array borked at the wrong moment or something) and
something weird happened to /proc or such. We actually didn't know this at
the time, so we ran chkrootkit (the backports.org version) and found a
similar error to yours. We were all frantic, checking the backups and
everything, until we checked the logs and saw a RAID error. We rebooted the
server and re-ran chkrootkit and all was fine.
This certainly does not mean the same in your case, but just thought you
might want to know.
Jas