Chuck wrote:
[...]
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
[...]
See my message in this ML from 2006-04-03:
###
Please keep in mind that LKM seems to be a false positive many times
with chkrootkit, because chkrootkit in this case seems to test only
against processes that don't show up everywhere (afaik a diff with ps
and /proc). Please rescan after a reboot or so and look at this:
Manfred Sindhoff wrote 22 May 2004 in debian-user-german:
"The lkm check is known to produce false positives for NPTL kernels
(2.6 kernels or 2.4 with NPTL patches). Common multithreaded programs
which will show this behaviour are slapd, mozilla and apache2 if you
use one of its threading MPMs."
(http://www.wiggy.net/debian/developer-securing/)
###
HTH
Daniel
-- 
Daniel Kraft
Heilmeyersteige 131
D-89075 Ulm
Tel: +49 700 572383-66
Fax: +49 700 572383-29
Certs: http://www.spotlite.de/web/kontakt.html
wam@spotlite.de
*** krafthost - professional business hosting http://www.krafthost.de/ ***
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
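
One way to triage the warning discussed in this thread, as an added example that is not part of the original messages or of chkrootkit: it separates IDs that are merely threads of a visible multithreaded program from IDs that have no such explanation. It assumes the Linux procfs behaviour that a thread ID opens by path as /proc/<tid> without appearing in the /proc directory listing, and that its status file names the thread group leader in `Tgid`; the function names are hypothetical.

```python
import os

def read_status(proc_root, ident):
    """Return Name/Pid/Tgid from <proc_root>/<ident>/status, or None if absent."""
    fields = {}
    try:
        with open(os.path.join(proc_root, str(ident), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                if key in ("Name", "Pid", "Tgid"):
                    fields[key] = value.strip()
    except OSError:  # never existed, or exited during the scan
        return None
    return fields if "Tgid" in fields else None

def listed_ids(path):
    """Numeric entries that a directory listing (readdir) of path returns."""
    try:
        return {int(n) for n in os.listdir(path) if n.isdigit()}
    except OSError:
        return set()

def triage_hidden(proc_root="/proc", max_id=None):
    """Classify IDs that open by path but are missing from the listing."""
    if max_id is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_id = int(fh.read())
    before = listed_ids(proc_root)
    threads, unexplained = {}, []
    for ident in range(1, max_id + 1):
        if ident in before:
            continue
        status = read_status(proc_root, ident)
        if status is None:
            continue
        tgid = int(status["Tgid"])
        task_dir = os.path.join(proc_root, str(tgid), "task")
        # A thread names its leader in Tgid and is listed under the leader's task/.
        if tgid != ident and ident in listed_ids(task_dir):
            threads[ident] = (tgid, status.get("Name", "?"))
        elif ident not in listed_ids(proc_root):  # re-list: skip PIDs born mid-scan
            unexplained.append(ident)
    return threads, unexplained

if __name__ == "__main__":
    threads, unexplained = triage_hidden()
    for tid, (tgid, name) in sorted(threads.items()):
        print(f"{tid}: thread of {tgid} ({name})")
    for ident in unexplained:
        print(f"{ident}: reachable but unlisted and not a thread; investigate")
```

An empty `unexplained` list accounts for the chkproc count but is read through the same kernel, so it does not replace an offline check from trusted media.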