[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] Chkrootkit

Subject: [cobalt-developers] Chkrootkit
From: Herb Rubin <herbr@xxxxxxxxxxxx>
Date: Mon Jul 14 10:06:00 2003
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

All,

I just ran chkrootkit on my Raq 4, and it said this:

Checking `lkm'... You have     1 process hidden for readdir command
You have     1 process hidden for ps command
Warning: Possible LKM Trojan installed

Is this a real trojan on my system? (LKM means Loadable Kernel Module)
Has a hacker loaded a kernel module? How can I see this module?

I do have portsentry running in the background, if that is important
here. False positive?

Should I be worried and if so what can I do to remove it?

Herb

-- 
Herb Rubin                 Pathfinders Software
herbr@xxxxxxxxxxxx         http://www.pfinders.com
phone: 650-692-9220        fax:   650-692-9250

Follow-Ups:
- Re: [cobalt-developers] Chkrootkit
  - From: Gerald Waugh
- [cobalt-developers] Raq4 ROM versions for Raq4 AND Raq550 OS
  - From: Steve Groom

References:
- [cobalt-developers] Force Site to Load SSL
  - From: Raq Admin
- Re: [cobalt-developers] Force Site to Load SSL
  - From: Stephen Cooke

Prev by Date: Re: [cobalt-developers] Raq4: Installing SpamAssassin
Next by Date: Re: [cobalt-developers] Chkrootkit
Previous by thread: Re: [cobalt-developers] Force Site to Load SSL
Next by thread: Re: [cobalt-developers] Chkrootkit

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index