Re: [LUG] What Next?

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] What Next?
From: Mark McRitchie <mark@xxxxxxxxxx>
Date: Tue, 27 May 2003 09:40:10 +0100 (BST)
Reply-to: list@xxxxxxxxxxxx

On Mon, 26 May 2003, Michael Chidley wrote:
> I`ve been playing with `chkrootkit` on one on the LinuxFormat DVDs, i ran it
> and got the following output.....
>
> Checking `lkm'... You have     4 process hidden for ps command
> Warning: Possible LKM Trojan installed

How often have you run chkrootkit?
It checks the difference in the output of ps and the contents of somthing
under /proc . If a process has died in the interim, then the count will be
wrong.

I've had chkrootkit return a false positive to me on a few occasions,
mainly cause of a "suspicious" open port, when a quick netstat showed me
exactly what the program was on that port, and it was supposed to be
there.

HTH,
Mark.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

References:
- [LUG] What Next?
  - From: Michael Chidley

Prev by Date: [LUG] MIT community for F/OSS - papers etc
Next by Date: Re: [LUG] Slackware or Debian
Previous by thread: [LUG] What Next?
Next by thread: Re: [LUG] What Next?
Index(es):
- Date
- Thread

Lynx friendly