Chkroot reports LKM trojan, false positive?
From: runlevel0 (runlevel0_at_wanadoo.es)
Date: Mon, 22 Dec 2003 14:04:36 +0000 (UTC)
I ran chkrootkit yesterday (22.12.2003) and got all negatives except
for a complaint about:
"possible lkm troyan"
"4 processes hidden from ps"
This sounds very strange as I just updated to 2.4.23 kernel three days
ago and all the modules are new.
My box does not contain any Windoze, except apps which I can run with
I do not run any server and use firestarter / iptables as firewall.
So I need the following info to be sure:
1) How can I see processes hidden from PS?
2) Would it be possible for a trojan to place a new module for a newly
built kernel (vanilla)?
3) What should I search for and how?
4) Does anybody know about a bug in chkrootkit which could cause this?
Happy Xmas ;)