Chkroot reports LKM trojan, false positive?
From: runlevel0 (runlevel0_at_wanadoo.es)
Date: 12/22/03
Date: Mon, 22 Dec 2003 14:04:36 +0000 (UTC)
Hi group,
I ran chkrootkit yesterday (22.12.2003) and got all negatives except
for a complaint about:
"possible lkm troyan"
"4 processes hidden from ps"
This sounds very strange, as I just updated to the 2.4.23 kernel three days
ago and all the modules are new.
My box does not contain any Windoze, except apps which I can run with
wine.
I do not run any server and use firestarter / iptables as firewall.
So I need the following info to be sure:
1) How can I see processes hidden from ps?
2) Would it be possible for a trojan to place a new module for a newly
built kernel (vanilla)?
3) What should I search for and how?
4) Does anybody know about a bug in chkrootkit which could cause this?
TIA
Happy Xmas ;)