chkrootkit finds 94 process hidden for readdir

Julian H. Stacey jhs at flat.berklix.net
Sat Dec 23 17:22:49 PST 2006


Ivan Voras wrote:
> Matthew Herzog wrote:
> 
> > I ran chkrootkit yesterday and saw this:
> > Checking `lkm'... You have    94 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
> 
> Does LKM stand for "Linux Kernel Module"? If so, no wonder the check has
> gone lala :)

No. Per
/usr/ports/security/chkrootkit/work/chkrootkit-0.46a/README:
Loadable Kernel Modules (LKM) trojan checking
Havent tried it myself.

-- 
Julian Stacey.  BSD Unix C Net Consultancy, Munich/Muenchen  http://berklix.com
Mail Ascii, not HTML.		Ihr Rauch = mein allergischer Kopfschmerz.
			http://berklix.org/free-software


More information about the freebsd-stable mailing list