chkrootkit finds 94 process hidden for readdir

Kris Kennaway kris at
Tue Dec 26 19:44:52 PST 2006

On Sat, Dec 23, 2006 at 03:57:35PM -0500, Matthew Herzog wrote:
> Hello.
> I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine.
> I ran chkrootkit yesterday and saw this:
> Checking `lkm'... You have    94 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed
> Everything else was deemed clean by chkrootkit.
> When I booted into single user mode and ran chkrootkit it said there were
> "33 process hidden for readdir command"
> The sha256 checksum is slightly different for the /usr/bin/su binary
> on the install
> media compared to the /usr/bin/su on the running install.
> I could find nothing definitive on this subject posted online so . . . .

Most likely this is just another false positive with this inherently
unreliable problem.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-stable mailing list