Package: chkrootkit Version: 0.47-1.1 Severity: normal Hello,
since I have updated my system to have five IP aliases (eth0:0 .. eth0:4), I get reports from chkrootkit that I have "4 processes hidden from view". /etc/cron.daily/chkrootkit: The following suspicious files and directories were found: /usr/lib/ruby/gems/1.8/gems/actionpack-1.13.3/examples/.htaccess INFECTED (PORTS: 465) You have 4 process hidden for readdir command You have 4 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed A cross check with 'rkhunter' reveals no such hidden processes, and a careful audit of system logs and comparison with backups before the upgrade shows no suspicious activitiy, added files, or other things pointing towards a rootkit (so I'm really sure my system is clean). Since chkrootkit is known for reporting occasional false positives, maybe this can be explained and fixed? Thanks, Jens ([EMAIL PROTECTED]) -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.29hf32.3-jb-060327 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages chkrootkit depends on: ii binutils 2.15-6 The GNU assembler, linker and bina ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy ii libc6 2.3.2.ds1-22sarge6 GNU C Library: Shared libraries an ii net-tools 1.60-10 The NET-3 networking toolkit ii procps 1:3.2.1-2 The /proc file system utilities -- debconf information: * chkrootkit/run_daily: true * chkrootkit/run_daily_opts: -q * chkrootkit/diff_mode: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]