RE: chkrootkit and lkm

To: <debian-security@lists.debian.org>
Subject: RE: chkrootkit and lkm
From: "Michael Parkinson" <michael@intellnet.net.uk>
Date: Wed, 26 Nov 2003 11:33:45 -0000
Message-id: <[🔎] NHBBJLECDIDPOFHIGHANOECEEHAA.michael@intellnet.net.uk>
Reply-to: <michael@intellnet.net.uk>

Umm, I have the same problem.

If I kill Exim and Spamassassin no hidden processes reported.

Under normal load sometimes get 1-7 hidden processes.   Was is a state of
panic but it does appear that Exim and Spamassassin combined do create false
positives.

Can this be fixed?

Mike

Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have     4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
> I have the same problem.. I believe it's a bug in chkrootkit
>

Do you stop the services before running chkrootkit?

It can append that chkrootkit report false positive on machine still
running services. I had the experience with exim. When I stop it I had
no false positive...

>
> Michael
>


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: chkrootkit and lkm
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: RE: chkrootkit and lkm
Next by Date: bridge firewall
Previous by thread: RE: chkrootkit and lkm
Next by thread: Re: chkrootkit and lkm
Index(es):
- Date
- Thread