Re: chkrootkit
Incoming from David Sanders:
> I just ran chkrootkit for the first time on a woody machine and got:
>
> Checking `lkm'... You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Checking `sniffer'...
> PROMISC mode detected in one of these interfaces: eth0 sit0
I wish this was added to the Debian chkrootkit manpage (if it
exists?). This is a FAQ, and you'll get far better answers on
chkrootkit from the chkrootkit-users list. You can search their
archive at:
http://marc.theaimsgroup.com/?l=chkrootkit-users
It's a very low volume, high S/N list. If you use chkrootkit, you'd
be well advised to subscribe to it.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
Reply to:
- References:
- chkrootkit
- From: David Sanders <debian@sandersweb.net>