On Fri, 26 Mar 2004 12:33:01 +0200 David Baron <d_baron@012.net.il> wrote: > > Checking `lkm'... You have 1 process hidden for readdir command > You have 1 process hidden for ps command > Warning: Possible LKM Trojan installed > > Is this a true report? > What does this do? > How to get rid of it if true? You may wish to read the documentation and/or search the web. Specifically, /usr/share/doc/chkrootkit/README.Debian , the chkrootkit open bug reports, what Wichart Akkerman wrote about this at http://www.wiggy.net/debian/developer-securing/ , and especially the archives of this mailing list. There, you can find links to info on when and why this can produce a false positive. -c -- Chris Metzler cmetzler@speakeasy.snip-me.net (remove "snip-me." to email) "As a child I understood how to give; I have forgotten this grace since I have become civilized." - Chief Luther Standing Bear
Attachment:
pgpvAO7PKp0I6.pgp
Description: PGP signature