On Sun, 2004-07-25 at 20:57, John Dangler wrote: > [snip] > > >There is a known problem with some versions of chkrootkit on Fedora. It > >wrongly identifies a number of processes as hidden. > > That's why I just installed the latest version before making the comment. > > >The original poster reported that the latest version from the chkrootkit > >site no longer has this problem. > > If the "latest version" is .43, and the kernel is the latest 2.6.6, then it > still has the problem.
The original poster was reporting that ls was infected along with hidden processes.
I thought he had indicated that a newer version resolved all the
issues
but maybe it just resolves the ls issue. Plus I believe he pulled the
sources for chkrootkit from the web site not the RPM that is
available.
The hidden process problem may not be fixed and from reading some
additional postings on the subject it may not be fixable. Seems there
may be a race condition in chkrootkit looking for hidden processes.
It appears that the problem is related to the version of procps. I think that a new version of chkrootkit should be forthcoming shortly.
