> > > chkroot gave this email message. > > > > `bindshell'... not infected > > Checking `lkm'... You have 2 process hidden for readdir command > > You have 2 process hidden for ps command > > Warning: Possible LKM Trojan installed > > Checking `rexedcs'... not found > > > > how would I verify if this is true? > > The hidden process check can and will sometimes report hidden > processes when > there are none. Please be aware of these *false* alarms which > will happen > mostly when you're running many dynamic processes. Like > Apache, MySQL or ASP. > Exact. With 50 Mysql databases on one raq, these false alarms are reported twice a week on my machine.
My newbee question is : I use the solarspeed cheap and clean security kit, but do I need to update rootkits definition ? Tr�s cordialement. Thanks for all Michael. --------------------- Philippe. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
