chkrootkit finds 94 process hidden for readdir
Matthew Herzog
matthew.herzog at gmail.com
Sat Dec 23 13:26:30 PST 2006
Hello.
I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine.
I ran chkrootkit yesterday and saw this:
Checking `lkm'... You have 94 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Everything else was deemed clean by chkrootkit.
When I booted into single user mode and ran chkrootkit it said there were
"33 process hidden for readdir command"
The sha256 checksum is slightly different for the /usr/bin/su binary
on the install
media compared to the /usr/bin/su on the running install.
I could find nothing definitive on this subject posted online so . . . .
-- Matt H.
More information about the freebsd-stable
mailing list