On Sat, Dec 23, 2006 at 03:57:35PM -0500, Matthew Herzog wrote: > Hello. > > I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine. > > I ran chkrootkit yesterday and saw this: > > Checking `lkm'... You have 94 process hidden for readdir command > chkproc: Warning: Possible LKM Trojan installed > > Everything else was deemed clean by chkrootkit. > > When I booted into single user mode and ran chkrootkit it said there were > "33 process hidden for readdir command" > > The sha256 checksum is slightly different for the /usr/bin/su binary > on the install > media compared to the /usr/bin/su on the running install. > > I could find nothing definitive on this subject posted online so . . . .
Most likely this is just another false positive with this inherently unreliable problem. Kris
pgpuVQ6v1SgXl.pgp
Description: PGP signature