[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Chrootkit: hidden processes

Subject: RE: [cobalt-users] Chrootkit: hidden processes
From: Arthur Sherman <arturs@xxxxxxxxxxxxxxxx>
Date: Tue Feb 10 23:53:00 2004
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Got this in output:

[root chkrootkit-0.43]# ./chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
[root chkrootkit-0.43]# 

Should I consider it's clean? So why it gives me that warning?

Arthur Sherman
 

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Ren? M?lsted
> Sent: Wednesday, February 11, 2004 09:40
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] Chrootkit: hidden processes
> 
> On 11/2-2004, at 8.19, Arthur Sherman wrote:
> > i get following lines in chrootkit output:
> > Checking `lkm'... You have 1 process hidden for readdir command You 
> > have 1 process hidden for ps command
> > Warning: Possible LKM Trojan installed How could i manage this?
> > Thank you
> > Arthur Sherman
> 
> Try running it manually:
> ./chkrootkit -x lkm
> You should see something like this:
> ###
> ### Output of: ./chkproc -v
> ###
> 
> René
> 
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

Follow-Ups:
- RE: [cobalt-users] Chrootkit: hidden processes
  - From: Phil Beynon

References:
- Re: [cobalt-users] Chrootkit: hidden processes
  - From: René Mølsted

Prev by Date: Re: [cobalt-users] Chrootkit: hidden processes
Next by Date: [cobalt-users] PHPDig
Previous by thread: Re: [cobalt-users] Chrootkit: hidden processes
Next by thread: RE: [cobalt-users] Chrootkit: hidden processes

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index