Re: chkrootkit has me worried!

To: debian-security@lists.debian.org
Subject: Re: chkrootkit has me worried!
From: kevin bailey <kbailey@freewayprojects.com>
Date: Tue, 29 Nov 2005 05:15:48 +0000
Message-id: <[🔎] dmgo64$aug$1$8300dec7@news.demon.co.uk>
References: <[🔎] dmglo4$81r$1$8300dec7@news.demon.co.uk>

and..

:/usr/local/sbin# /usr/lib/chkrootkit/chkproc -v
PID     4: not in ps output
PID  1769: not in ps output
PID 15688: not in ps output
PID 15690: not in ps output
PID 17760: not in ps output
PID 17762: not in ps output
PID 21583: not in ps output
PID 21585: not in ps output
PID 21919: not in ps output
PID 21921: not in ps output
PID 23002: not in readdir output
PID 23002: not in ps output
PID 23085: not in readdir output
PID 23085: not in ps output
PID 23105: not in readdir output
PID 23105: not in ps output
You have     3 process hidden for readdir command
You have    13 process hidden for ps command



and....

freeway:~# cd /proc/1769/fd
freeway:/proc/1769/fd# ls -l
total 0
lrwx------   1 root     root           64 Nov 29 05:11 0 -> /dev/null
lrwx------   1 root     root           64 Nov 29 05:11 1 -> /dev/null
lrwx------   1 root     root           64 Nov 29 05:11 2 -> /dev/null
lrwx------   1 root     root           64 Nov 29 05:11 3 -> socket:[300]
freeway:/proc/1769/fd# grep 300 /proc/net/udp
freeway:/proc/1769/fd# grep 300 /proc/net/tcp
  26: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000    
0        0 300
freeway:/proc/1769/fd


:/

Reply to:

References:
- chkrootkit has me worried!
  - From: kevin bailey <kbailey@freewayprojects.com>

Prev by Date: chkrootkit has me worried!
Next by Date: Re: chkrootkit has me worried!
Previous by thread: chkrootkit has me worried!
Next by thread: Re: chkrootkit has me worried!
Index(es):
- Date
- Thread