chkrootkit warning!?!?
Michael Schwendt
ms-nospam-0306 at arcor.de
Thu Apr 15 00:20:36 UTC 2004
On Wed, 14 Apr 2004 18:49:52 -0300, Pedro Fernandes Macedo wrote:
> Michael Schwendt wrote:
>
> >But this behaviour is new in Fedora Core 2 Test release. chkrootkit
> >doesn't show the same symptoms with Fedora Core 1.
> >
> >
> This happened to me since I installed FC1 on some machines.. ypbind
> would hide some processes and make chkrootkit complain on a server.. on
> my machine , the same happened with xmms , mozilla and a few other
> programs..
On FC1, please try again with a more recent version of chkrootkit,
e.g. the package from http://fedora.us. chkrootkit has support for
threads, which appear in 'ps' output only with option "-m". Enter
chkrootkit home directory and run chkproc from there, e.g.
# cd /usr/lib/chkrootkit-0.43
# ./chkproc -v
4345 is a Linux Thread, marking as such...
4346 is a Linux Thread, marking as such...
4347 is a Linux Thread, marking as such...
4348 is a Linux Thread, marking as such...
On FC 1.9x, however, the hidden processes and directories in /proc are not
recognized as threads and cannot seem to be listed with 'ps'.
--
Fedora Core release 1 (Yarrow) - Linux 2.4.22-1.2179.nptl
More information about the fedora-test-list
mailing list