chkrootkir LKM Trojan ?
Gerhard Gaußling
ggrubbish at web.de
Thu Jul 20 18:08:28 UTC 2006
Am Sonntag, 16. Juli 2006 10:26 schrieb Dave S:
> You have 3 process hidden for readdir command
> You have 3 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
I have that one for years now, on every debian/ubuntu system I
installed.
Trust me: It' a false positive.
http://www.google.com/search?q=chkrootkit+%22false+positive%22+LKM
http://marc2.theaimsgroup.com/?l=chkrootkit-users&m=108551495301911&w=2
||"The lkm check is known to produce false positives for NPTL kernels
|| (2.6 kernels or 2.4 with NPTL patches). Common multithreaded programs
|| which will show this behaviour are slapd, mozilla and apache2 if you
|| use one of its threading MPMs."
|| (http://www.wiggy.net/debian/developer-securing/)
Use rkhunter instead, or compile a new kernel ;-).
regards
Gerhard Gaußling
More information about the ubuntu-users
mailing list