Linode Community Forums
Posted: Tue Apr 19, 2005 10:15 am
Hi everyone, still learning and this morning I've received this from chkrootkit.

Code:
/etc/cron.daily/chkrootkit:
You have     1 process hidden for readdir command
You have     1 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PACKET SNIFFER(/sbin/dhclient[200])


Then I've tried:

Code:
myhost:~# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 2
###


Which, as you see, returned nothing. I've searched around and it seems it is possible that chkrootkit returns false positives.

I use the 2.4.29-linode39-1um kernel with Debian Sarge.

Can someone explain to me what triggered this false positive today? Is it installation/upgrade of modules on the host-side?

Thanks!

