Re: chkrootkit finds 94 process hidden for readdir

[ Available lists | Index of freebsd-stable | Month of Dec 2006 | Week of 24 Dec 2006 | Raw email | View thread | Wrap long lines | Reply | Tag ]
From
Edwin Groothuis <edwin@mavetju.org>
Date
24 Dec 2006 02:01:28
Subject
Re: chkrootkit finds 94 process hidden for readdir
Message-ID
20061224014523.GB90165@k7.mavetju

In reply to
Matthew Herzog
References to
Matthew Herzog
Replies
Matthew Herzog
Referenced by
Matthew Herzog

[ Hide this part ] 
On Sat, Dec 23, 2006 at 03:57:35PM -0500, Matthew Herzog wrote:
> I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine.
> I ran chkrootkit yesterday and saw this:
> Checking `lkm'... You have    94 process hidden for readdir command
> chkproc: Warning: Possible LKM Trojan installed
 
I thought this was related to the time difference in "ps" and the
processing of the /proc directory.
 
Edwin
 
--
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
Elapsed time: 0.095 seconds