chkrootkit finds 94 process hidden for readdir
Matthew Herzog
matthew.herzog at gmail.com
Sat Dec 23 18:36:00 PST 2006
Yeah, I saw postings that refered to "time difference in ps and
processing /proc" but did not know
whether the postings could be trusted. I see no strange behavior on
the machine. I run chkrootkit about once a month just in case.
On 12/23/06, Edwin Groothuis <edwin at mavetju.org> wrote:
> On Sat, Dec 23, 2006 at 03:57:35PM -0500, Matthew Herzog wrote:
> > I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine.
> > I ran chkrootkit yesterday and saw this:
> > Checking `lkm'... You have 94 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
>
> I thought this was related to the time difference in "ps" and the
> processing of the /proc directory.
>
> Edwin
>
> --
> Edwin Groothuis | Personal website: http://www.mavetju.org
> edwin at mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/
>
More information about the freebsd-stable
mailing list