Re: chkrootkit V. 0.47
- From: Luiz Eduardo Roncato Cordeiro <cordeiro@xxxxxxx>
- Date: Wed, 28 Nov 2007 10:36:29 -0200
Hi,
On Wednesday, 28 de November de 2007, Robert Watson <Robert Watson
<rwatson@xxxxxxxxxxx>> wrote:
On Tue, 20 Nov 2007, JP wrote:
--and--
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
I wonder if it's trying to use procfs, which isn't mounted by default in
FreeBSD, and as a result reporting that /proc is empty (which is expected).
You could try mounting procfs and see if the message goes away, which would
answer the question -- however, we don't generaly advise mounting procfs
unless it is required, as it is a deprecated feature.
In fact it's a bug in the chkproc. We are working on it to be fixed in the
next chkrootkit version (0.48).
Cordeiro
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- chkrootkit V. 0.47
- From: JP
- Re: chkrootkit V. 0.47
- From: Robert Watson
- chkrootkit V. 0.47
- Prev by Date: Re: chkrootkit V. 0.47
- Next by Date: FreeBSD Security Advisory FreeBSD-SA-07:09.random
- Previous by thread: Re: chkrootkit V. 0.47
- Next by thread: FreeBSD Security Advisory FreeBSD-SA-07:09.random
- Index(es):
Relevant Pages
|
|
