[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Chkrootkit - What next

Subject: RE: [cobalt-users] Chkrootkit - What next
From: "Peter Baldwin" <peterj@xxxxxxxxxxxxxx>
Date: Wed Nov 7 18:55:40 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Checking `lkm'... You have     2 process hidden for readdir command
> You have     2 process hidden for ps command
> Warning: Possible LKM Trojan installed

Usually not to worry.  Run it again to see if it goes away.  From the
chkrootkit FAQ:

"If you run chkproc on a server that runs lots of short time processes it
could report some false positives. chkproc compares the ps output with the
/proc contents. If processes are created/killed during this operation
chkproc could point out these PIDs as suspicious. "

Cheers!
Peter.

_______________________________
Vito - Cobalt Appliance Monitor
http://vito.pointclark.net

References:
- [cobalt-users] Chkrootkit - What next
  - From: Revd leonard payne

Prev by Date: Re: [cobalt-users] Perl 5.6.1
Next by Date: [cobalt-users] RAQ3 check pass; user unknown - Again
Previous by thread: [cobalt-users] Chkrootkit - What next
Next by thread: Re: [cobalt-users] Webalizer problem...Still

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index