Test with Chkrootkit
Michael Schwendt
fedora at wir-sind-cool.org
Mon Jul 26 08:25:21 UTC 2004
On Sun, 25 Jul 2004 19:09:02 -0700, Norman Nunn wrote:
> In one of my post, I indicated with the upgrade to 0.43, that all the
> original indicators (infections, hidden files and potential Trojan) were
> eliminated from the output.
Cannot confirm that. v0.43 is the last one from December 2003 and predates
Fedora Core 2. It works fine on Fedora Core 1 (adding option -m to ps for
hidden threads).
> However, /chkrootkit-0.43/chkproc -v specifically list the hidden files
> anyway, and the number of hidden files varies during the run without
> restarting the PC.
And chkrootkit runs chkproc, too.
More information about the fedora-list
mailing list