Security Basics mailing list archives
Re: Bug in chkrootkit ?
From: "shrek-m () gmx de" <shrek-m () gmx de>
Date: Wed, 30 Jul 2003 20:11:44 +0200
Michael Weber wrote:
Hi there, i am relatively new to security purposes and in this list. My name ist Michael Weber, i'm Networkadmin from Germany and i hope you can help me to solve this riddle: When starting "chkrootkit" (v 0.38) i get the Message: "You have 4 process hidden for ps command" and the hint for a probably installed "LKM Rootkit". So far, so good. "chkproc" with verbose option enabled (-v) say: [mw@zeus chkrootkit-0.38]# ./chkproc -v PID 26194: not in ps output PID 26195: not in ps output PID 26196: not in ps output PID 26197: not in ps output You have 4 process hidden for ps command That's fine, now we know the PID and can ask... [mw@zeus chkrootkit-0.38]# ps p 26194 PID TTY STAT TIME COMMAND 26194 ? S 0:00 named -u named
https://listman.redhat.com/archives/phoebe-list/2003-February/thread.html "chkrootkit on phoebe" 0.38 is outdated http://www.chkrootkit.org/ 0.41 is available -- shrek-m --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Bug in chkrootkit ? Michael Weber (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)
- Re: Bug in chkrootkit ? Michael Weber (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)
- Re: Bug in chkrootkit ? Michael Weber (Jul 30)
- Re: Bug in chkrootkit ? Alex 'CAVE' Cernat (Jul 30)
- Re: Bug in chkrootkit ? Alex 'CAVE' Cernat (Jul 30)
- Re: Bug in chkrootkit ? Juraj Ziegler (Jul 31)
- Re: Bug in chkrootkit ? Douglas J Hunley (Jul 30)
- Re: Bug in chkrootkit ? shrek-m () gmx de (Jul 30)
- Re: Bug in chkrootkit ? entmoot (Jul 30)
- Re: Bug in chkrootkit ? Tony Meman (Jul 30)
- RE: Bug in chkrootkit ? Todd Mitchell - lists (Jul 30)