chkrootkit and vncserver
subscribed-lists at sterndata.com
Sun May 23 14:59:04 UTC 2004
This morning's normal system checks triggered alarms. Chkrootkit reported a
possible LKM trojan.
Checking `lkm'... You have 5 process hidden for readdir command
You have 5 process hidden for ps command
Warning: Possible LKM Trojan installed
I've tracked this down to vncserver. I have one X session assigned to VNC.
If I do /sbin/service vncserver stop, then chkrootkit reports no LKM problem.
When I restart the server, the LKM message reappears.
Can anyone else verify this on their system?
More information about the fedora-list