RE: Test with Chkrootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2004-07-25 at 18:48, John Dangler wrote:

> cat /proc/<pid>/cmdline...
> 
> I just installed chkrootkit and I got the " Warning: Possible LKM Trojan
> installed".  So I ran the chkproc, and then ran 'cat /proc/<pid>/cmdline on
> the processes.  Nothing looks out of place.  I'm running 2.6.6 FC2.  Of the
> 8 hidden processes, 3 have turned up
> "nautilus--no-default-window--sm-client-iddefault3"
> 
> Not sure what these are, but everything else turned up "not infected"
> Thanks for the tip about chkrootkit.  I'm also looking into clamav...
> 
> Regards,
> 
> John 
> 
> BTW, I'm using version 0.43 on a 2.6 kernel.  Works fine, as far as I  
> can tell.

Read the rest of this thread.  There is a known problem with some
versions of chkrootkit on Fedora.  It wrongly identifies a number of
processes as hidden.

The original poster reported that the latest version from the chkrootkit
site no longer has this problem.  
-- 
Scot L. Harris
webid@xxxxxxxxxx

Your analyst has you mixed up with another patient.  Don't believe a
thing he tells you. 



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux