Chkrootkit anomaly
Lewis Watson
lists at visionsix.com
Wed Aug 27 07:41:54 PDT 2003
> Since there have already been a couple of questions on this I thought
I'd
> see if anyone could shed some light on something I've noticed since I
> started running chkrootkit. It runs every 15 minutes (overkill? Nah.) in
> quiet mode to cut down on noise in the logs, and sporadically I get
these
> notifications:
>
> You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> These messages will appear only on the odd occasion, seemingly
completely at
> random.
> False positives or very crafty rootkit?
> Any advice would be greatly appreciated!
Hi Sean,
I too have occasionally seen these, I am running 4.7-RELEASE.
Also, thanks for mentioning -q, I never knew there was such a thing :-)
Lewis
More information about the freebsd-questions
mailing list