chkrootkit V. 0.47

Robert Watson rwatson at FreeBSD.org
Wed Nov 28 04:05:01 PST 2007


On Tue, 20 Nov 2007, JP wrote:

> --and--
> Checking `lkm'... You have   131 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed

I wonder if it's trying to use procfs, which isn't mounted by default in 
FreeBSD, and as a result reporting that /proc is empty (which is expected). 
You could try mounting procfs and see if the message goes away, which would 
answer the question -- however, we don't generally advise mounting procfs 
unless it is required, as it is a deprecated feature.

Robert N M Watson
Computer Laboratory
University of Cambridge
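
An added illustration of the hypothesis in the reply above (not chkrootkit's code and not part of the original message): a check that compares the PIDs listed in a /proc-style directory with the PIDs that answer a signal-0 probe, and reports an empty directory separately from a genuine mismatch. The function names, the PID range and the assumption that a detector compares these two views are assumptions made for this example.

```python
import os

def listed_pids(proc_dir):
    """PIDs visible as numeric directory entries (the readdir view)."""
    try:
        return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}
    except FileNotFoundError:
        return set()

def probe_alive(pid):
    """True if the kernel knows this PID; signal 0 delivers nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # process exists but belongs to another user
    return True

def assess(proc_dir, max_pid=4096, probe=probe_alive):
    """Return (verdict, pids alive but absent from proc_dir).

    max_pid is an assumed scan bound for the example, not a system limit.
    Processes that start or exit during the scan can cause small mismatches.
    """
    listed = listed_pids(proc_dir)
    alive = {pid for pid in range(1, max_pid + 1) if probe(pid)}
    missing = alive - listed
    if alive and not listed:
        # Every live process is "hidden": the directory view is unusable,
        # which is what an unmounted procfs (empty /proc) looks like.
        verdict = "proc-empty"
    elif missing:
        verdict = "discrepancy"
    else:
        verdict = "consistent"
    return verdict, sorted(missing)

if __name__ == "__main__":
    verdict, missing = assess("/proc")
    print(verdict, len(missing), "PIDs not listed")
```

A "proc-empty" verdict says the comparison had nothing to compare against, so a count of "hidden" processes derived from it carries no information about an LKM.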


More information about the freebsd-security mailing list