Re: check for root kit
On Wed, 17 Apr 2002 15:02:02 +1000
email@example.com (Tom Massey) wrote:
> $ apt-cache show chkrootkit
That's a scary tool, if I ever saw one. I have it running once a day,
and it almost always reports a possible LKM "infection". Sometimes it
detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
I'm reasonably sure the machine is not compromised, I think the tool is
just a bit too zealous.
I keep it installed because it does all sorts of checks for other types
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com