Re: [cobalt-developers] Chkrootkit
- Subject: Re: [cobalt-developers] Chkrootkit
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon Jul 14 10:49:01 2003
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
On Mon, 14 Jul 2003, Herb Rubin wrote:
> All,
>
> I just ran chkrootkit on my Raq 4, and it said this:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Is this a real trojan on my system? (LKM means Loadable Kernel Module)
> Has a hacker loaded a kernel module? How can I see this module?
>
> I do have portsentry running in the background, if that is important
> here. False positive?
>
> Should I be worried and if so what can I do to remove it?
Run chkrootkit multiple times and see if the Warning repeats.
Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
Front Street Networks LLC, 229 Front Street, Ste.#C
New Haven, CT 06513-3203 | phone: +1-203-785-0699
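
The repeated-run check suggested in the reply above, as an added shell example that is not part of the original thread: it runs a scan several times and reports whether the LKM warning appears in every run, some runs, or none. The helper name `repeat_lkm_check` is hypothetical, the matched string is the warning line quoted in the message, and the sample invocation assumes chkrootkit is on PATH and accepts the test name `lkm`.

```shell
#!/bin/sh
# Added example: repeat a scan and tally how often the LKM warning appears.
# repeat_lkm_check is a hypothetical helper name, not part of chkrootkit.
# The pattern below is the warning line quoted in the message above.
LKM_WARNING='Possible LKM Trojan installed'

# Usage: repeat_lkm_check RUNS DELAY_SECONDS COMMAND [ARGS...]
# Prints: warned=<n> runs=<n> verdict=<clean|intermittent|persistent>
repeat_lkm_check() {
    rlc_runs=$1
    rlc_delay=$2
    shift 2
    rlc_warned=0
    rlc_i=1
    while [ "$rlc_i" -le "$rlc_runs" ]; do
        # Capture stdout and stderr; the scanner's exit status is not used.
        rlc_out=$("$@" 2>&1) || true
        if printf '%s\n' "$rlc_out" | grep -q "$LKM_WARNING"; then
            rlc_warned=$((rlc_warned + 1))
        fi
        # Space the runs out so a short-lived process has time to exit.
        if [ "$rlc_i" -lt "$rlc_runs" ]; then
            sleep "$rlc_delay"
        fi
        rlc_i=$((rlc_i + 1))
    done
    if [ "$rlc_warned" -eq 0 ]; then
        rlc_verdict=clean
    elif [ "$rlc_warned" -eq "$rlc_runs" ]; then
        rlc_verdict=persistent
    else
        rlc_verdict=intermittent
    fi
    echo "warned=$rlc_warned runs=$rlc_runs verdict=$rlc_verdict"
}

# Example invocation as root (assumes chkrootkit is on PATH and accepts the
# test name "lkm" as an argument):
#   repeat_lkm_check 5 10 chkrootkit lkm
```

A `persistent` verdict means the warning appeared in every run; `intermittent` is consistent with a process that started or exited while one of the scans was in progress.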