Package: chkrootkit Version: 0.48-5 Severity: normal Run # while true; do find /proc >/dev/null; done&
and /usr/lib/chkrootkit/chkproc will report hidden processes: You have 17 process hidden for readdir command You have 17 process hidden for ps command and chkrootkit will suspect an LKM Trojan running (not every time, however). This is what I sometimes receive from the cron job: You have 2 process hidden for readdir command You have 2 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed See also http://linux.derkeiler.com/Mailing-Lists/Fedora/2008-05/msg01397.html -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (900, 'testing'), (100, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages chkrootkit depends on: ii binutils 2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii debconf [debconf-2. 1.5.22 Debian configuration management sy ii libc6 2.7-13 GNU C Library: Shared libraries ii net-tools 1.60-19 The NET-3 networking toolkit ii procps 1:3.2.7-8 /proc file system utilities chkrootkit recommends no packages. chkrootkit suggests no packages. -- debconf information: * chkrootkit/run_daily: true * chkrootkit/run_daily_opts: -q * chkrootkit/diff_mode: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
