chkrootkit finds 94 process hidden for readdir
Julian H. Stacey
jhs at flat.berklix.net
Sat Dec 23 17:22:49 PST 2006
Ivan Voras wrote:
> Matthew Herzog wrote:
>
> > I ran chkrootkit yesterday and saw this:
> > Checking `lkm'... You have 94 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
>
> Does LKM stand for "Linux Kernel Module"? If so, no wonder the check has
> gone lala :)
No. Per
/usr/ports/security/chkrootkit/work/chkrootkit-0.46a/README:
Loadable Kernel Modules (LKM) trojan checking
Havent tried it myself.
--
Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
Mail Ascii, not HTML. Ihr Rauch = mein allergischer Kopfschmerz.
http://berklix.org/free-software
More information about the freebsd-stable
mailing list