Security Basics mailing list archives
Re: Bug in chkrootkit ?
From: Alex 'CAVE' Cernat <cave () cernat ro>
Date: Wed, 30 Jul 2003 19:54:50 +0300
On Wed, 30 Jul 2003 13:30:03 +0200 Michael Weber <mweber () hitwin com> wrote:
"You have 4 process hidden for ps command" and the hint for a probably installed "LKM Rootkit". So far, so good. "chkproc" with verbose option enabled (-v) say:
ring a bell; check your chrootkit version; it must be the newest in older one on redhat 9 at least, maybe another distributions, the threads (implemented as nptl) we're classified as hidden processes (patched in the newest version of chrootkit); named can be configured to use threads, check this too ... maybe this is the real reason Alex --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Bug in chkrootkit ? Michael Weber (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)
- Re: Bug in chkrootkit ? Michael Weber (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)
- Re: Bug in chkrootkit ? Michael Weber (Jul 30)
- Re: Bug in chkrootkit ? Alex 'CAVE' Cernat (Jul 30)
- Re: Bug in chkrootkit ? Alex 'CAVE' Cernat (Jul 30)
- Re: Bug in chkrootkit ? Juraj Ziegler (Jul 31)
- Re: Bug in chkrootkit ? Douglas J Hunley (Jul 30)
- Re: Bug in chkrootkit ? shrek-m () gmx de (Jul 30)
- Re: Bug in chkrootkit ? entmoot (Jul 30)
- Re: Bug in chkrootkit ? Tony Meman (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)