chkrootkit V. 0.47
Robert Watson
rwatson at FreeBSD.org
Wed Nov 28 04:05:01 PST 2007
On Tue, 20 Nov 2007, JP wrote:
> --and--
> Checking `lkm'... You have 131 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed
I wonder if it's trying to use procfs, which isn't mounted by default in
FreeBSD, and as a result reporting that /proc is empty (which is expected).
You could try mounting procfs and see if the message goes away, which would
answer the question -- however, we don't generaly advise mounting procfs
unless it is required, as it is a deprecated feature.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-security
mailing list