Right now chkrootkit gets lots of false positives regarding LKMs. There was a pretty thorough discussion just a couple days ago so look through the archive for the details: http://lists.debian.org/debian-security/
So, its _probably_ a false alarm, but .... -- David Ehle Computing Systems Manager CAPP CSRRI rm 077 LS Bld. IIT Main Campus Chicago IL 60616 [EMAIL PROTECTED] 312-567-3751 On Tue, 2 Dec 2003, Miek Gieben wrote: > Hello, > > When reading again about the (Debian) breakin, it said you should run > chkrootkit > to see if you have a rootkit installed. Well I did. But now it is complaining > about a LKM rootkit. But i'm running a 2.6 kernel, is this still valid then? > > I've checked the md5sums of some commands (ps, kill, ...) and they are equal > to the ones I just downloaded from a debian archive. > > I'm not subscribe to the list - so please cc me, > > thanks, > > grtz > Miek > -- > Serenity now! > -- Frank Costanza (Seinfeld) > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
