chkrootkit warning!?!?
Michael Schwendt
ms-nospam-0306 at arcor.de
Wed Apr 14 18:49:18 UTC 2004
On Wed, 14 Apr 2004 21:31:46 +0300, Pekka Pietikainen wrote:
> On Wed, Apr 14, 2004 at 09:46:16AM -0800, t l wrote:
> > While waiting for 56 updates to download, I installed and ran "chkrootkit-0.43" from www.chkrootkit.org. (I was impressed by the reports of intrusions/breaks at Stanford Solaris/Linux systems.)
> >
> > Running it produces the following warning:
> >
> > ...
> > Checking `lkm'... You have 7 process hidden for readdir command
> > You have 7 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> > ...
> >
> > I was running this on kernel-2.6.5-1.319 (update to 322 in progress), with "setenforce 0".
> >
> > Anything I should be concerned about?
> Probably not (chkrootkit gives false positives with NPTL, basically).
But this behaviour is new in Fedora Core 2 Test release. chkrootkit
doesn't show the same symptoms with Fedora Core 1.
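
A triage sketch for this kind of warning, added here as an example (it is not part of the thread and is not chkrootkit's code). It assumes the warning comes from ids that answer a direct /proc/<id> lookup but are missing from the /proc directory listing, and that NPTL thread ids behave that way; the function names and sample data are constructed for illustration.

```python
import os

def parse_status(text):
    """Return (pid, tgid) from the text of a /proc/<id>/status file."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return int(fields["Pid"]), int(fields["Tgid"])

def classify_hidden(listed, candidates, read_status):
    """Split ids missing from the /proc listing into threads and unexplained ids.

    listed      -- set of numeric entries returned by listing /proc
    candidates  -- ids to probe by direct lookup
    read_status -- callable returning status text for an id, or None if absent
    """
    threads, unexplained = {}, []
    for ident in candidates:
        if ident in listed:
            continue
        text = read_status(ident)
        if text is None:
            continue  # nothing answers at this id
        pid, tgid = parse_status(text)
        if tgid != pid and tgid in listed:
            threads[ident] = tgid  # thread of a process that is listed
        else:
            unexplained.append(ident)  # needs a closer look
    return threads, unexplained

def live_read_status(ident, proc="/proc"):
    try:
        with open(f"{proc}/{ident}/status") as fh:
            return fh.read()
    except OSError:
        return None

# Constructed sample: process 1200 with two extra threads, plus id 4000,
# which answers on lookup, is its own thread group leader, and is unlisted.
SAMPLE_LISTED = {1, 1200}
SAMPLE_STATUS = {
    1: "Name:\tinit\nTgid:\t1\nPid:\t1\n",
    1200: "Name:\tapp\nTgid:\t1200\nPid:\t1200\n",
    1201: "Name:\tapp\nTgid:\t1200\nPid:\t1201\n",
    1202: "Name:\tapp\nTgid:\t1200\nPid:\t1202\n",
    4000: "Name:\tproc-x\nTgid:\t4000\nPid:\t4000\n",
}

if __name__ == "__main__":
    # A process started between the listing and the probe shows up as
    # unexplained; rerun before drawing conclusions.
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    print(classify_hidden(listed, range(1, 32769), live_read_status))
```

Ids reported as threads of a listed process account for the count in the warning; only ids left in the unexplained list need further inspection.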