I have started running chkrootkit (from www.chkrootkit.org) on one of our RAQ3's with some odd results. If I run Chkrootkit 10 times, one after the other, on about 3 of those runs it will randomly return the message: "You have1 process hidden for ps command Warning: Possible LKM Trojan installed" If I run "chkrootkit -x", it also occasionally returns: "PID 26192: not in readdir output PID 26192: not in ps output You have 1 process hidden for readdir command You have 1 process hidden for ps command" On the other 7 runs out of the 10, chkrootkit finds no problems at all. The hidden processes seemingly live and die very quickly. Running "top -i" shows no untoward processes, there is nothing in crontab, and nothing else about the machine seems to be unusual. This problem does not appear on another recently rebuilt RAQ we have however. Can anyone enlighten us as to what could be causing it? LF _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
[cobalt-security] Chkrootkit problem
Lawrence Frewin of Accommodation.com Sun, 11 Mar 2001 02:57:34 -0800
- Re: [cobalt-security] Chkrootkit prob... Lawrence Frewin of Accommodation.com
