chkrootkit V. 0.47
Luiz Eduardo Roncato Cordeiro
cordeiro at cert.br
Wed Nov 28 04:54:52 PST 2007
Hi,
On Wednesday, 28 de November de 2007, Robert Watson <Robert Watson
<rwatson at freebsd.org>> wrote:
> On Tue, 20 Nov 2007, JP wrote:
>
> > --and--
> > Checking `lkm'... You have 131 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
>
> I wonder if it's trying to use procfs, which isn't mounted by default in
> FreeBSD, and as a result reporting that /proc is empty (which is expected).
> You could try mounting procfs and see if the message goes away, which would
> answer the question -- however, we don't generaly advise mounting procfs
> unless it is required, as it is a deprecated feature.
In fact it's a bug in the chkproc. We are working on it to be fixed in the
next chkrootkit version (0.48).
Cordeiro
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
>
More information about the freebsd-security
mailing list