Re: Bug in chkrootkit ?
From: Alex 'CAVE' Cernat (cave_at_cernat.ro)
Date: 07/30/03
- Previous message: Alex 'CAVE' Cernat: "Re: Bug in chkrootkit ?"
- In reply to: Michael Weber: "Bug in chkrootkit ?"
- Next in thread: Douglas J Hunley: "Re: Bug in chkrootkit ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jul 2003 19:54:50 +0300 To: security-basics@securityfocus.com
On Wed, 30 Jul 2003 13:30:03 +0200
Michael Weber <mweber@hitwin.com> wrote:
> "You have 4 process hidden for ps command" and the hint for a probably
> installed "LKM Rootkit". So far, so good. "chkproc" with verbose
> option enabled (-v) say:
ring a bell; check your chrootkit version; it must be the newest
in older one on redhat 9 at least, maybe another distributions, the
threads (implemented as nptl) we're classified as hidden processes
(patched in the newest version of chrootkit); named can be configured to
use threads, check this too ... maybe this is the real reason
Alex
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Alex 'CAVE' Cernat: "Re: Bug in chkrootkit ?"
- In reply to: Michael Weber: "Bug in chkrootkit ?"
- Next in thread: Douglas J Hunley: "Re: Bug in chkrootkit ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
