Folks;

* Musashi cuts the message that Fabricio Cannini Flores sent to Still:
> To add to the subject,
> I read this on a page that gives tips on how to increase the security of
> Linux machines (more specifically, Debian).
> Apparently, there is a kernel exploit loose out there.
> But this trojan business is a defect of the LKM, as the page says.
>
> http://www.wiggy.net/debian/developer-securing

Just to add even more:

# Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed

You can get more info by running it in expert verbose mode, here is an
example,

$ chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 4: not in ps output
CWD 4: /
EXE 4: /
PID 5: not in ps output
CWD 5: /
EXE 5: /
PID 6: not in ps output
CWD 6: /
EXE 6: /
PID 7: not in ps output
CWD 7: /
EXE 7: /
You have 4 process hidden for ps command

Check the /proc/<pid>/status file for the name of the process. Example:

$ cat /proc/[4-7]/status |grep Name
Name: ksoftirqd_CPU0
Name: kswapd
Name: bdflush
Name: kupdated

The lkm check is known to produce false positives for NPTL kernels
(2.6 kernels or 2.4 with NPTL patches). Common multithreaded programs
which will show this behaviour are slapd, mozilla and apache2 if you use
one of its threading MPMs.

The lkm check is known to fail on really slow machines. As processes
start up and exit, it thinks they are hidden.

[]'s,
Still

-- 
Nelson Luiz Campos                 .''`.   | I hear; I forget.
Electrical Engineer               : :'  :  | I see; I remember.
Linux User #89621 UIN 11464303    `. `'`   | I do; I understand.
gnupgID: 55577339                   `-     | Chinese Proverb
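Added example, not part of the original message or of chkrootkit: a shell function that automates the /proc/<pid>/status lookup quoted above for every PID that ps did not list, and separates entries with an empty cmdline (kernel threads such as kswapd, or zombies) from entries that have a userspace command line. The function name triage_hidden, its two arguments and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage PIDs that exist under /proc but are missing from ps.
# triage_hidden PROC_ROOT PS_PID_FILE
#   PROC_ROOT    directory laid out like /proc (a parameter so it can be run
#                against a copy or a constructed tree; hypothetical interface)
#   PS_PID_FILE  one PID per line, e.g. produced by: ps -eo pid=
# Prints "PID NAME VERDICT" for every PID in PROC_ROOT that ps did not list.
# Live use: ps -eo pid= > /tmp/ps.txt; triage_hidden /proc /tmp/ps.txt
triage_hidden() {
    proc_root=$1
    ps_pids=$2
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        # Skip PIDs that ps reported (exact match, tolerant of padding).
        if awk -v p="$pid" '$1 == p { found = 1 } END { exit !found }' "$ps_pids"; then
            continue
        fi
        # The process may have exited between the directory scan and this
        # read: the slow-machine false positive described in the message.
        if [ ! -r "$dir/status" ]; then
            echo "$pid - exited-during-scan"
            continue
        fi
        name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status")
        # Kernel threads have no userspace command line, so cmdline is empty.
        # Read the content: files under the real /proc always report size 0.
        cmd=$({ tr -d '\000' < "$dir/cmdline"; } 2>/dev/null || true)
        if [ -z "$cmd" ]; then
            echo "$pid $name kernel-thread-or-zombie"
        else
            echo "$pid $name investigate"
        fi
    done
}
```

A process started after the ps snapshot also shows up as "investigate", so repeat the run before drawing conclusions. The function only sees PIDs that appear in a directory listing of PROC_ROOT.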