[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Chkrootkit - true/false ?



> > Checking `lkm'... You have     3 process hidden for readdir command
> > You have     3 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> >
> > Sometimes chkrootkit returns nothing detected and every time rkhunter
> > tells me nothing is wrong. Is this a false positive with chkrootkit
and
> > debian woody?


 No. I dont get that error.

What I can note is that one time one ofthe servers got stuffed up for some
reason (the RAID array borked at the wrong moment or something) and
something weird happened to /proc or such. We actually didn't know this at
the time, so we ran chkrootkit (the backports.org version) and found a
similar error to your's. We were all frantic, checking the backups and
everything, until we checked the logs and saw RAID error. We rebooted the
server and re-ran chkrootkit and all was fine.

This certainly does not mean the same in your case, but just though you
might want to know.

Jas



Reply to: