On Tuesday 03 August 2004 03:18 pm, Trevor Rhodes wrote:
> On Wed, 4 Aug 2004 05:11 am, Bryan Phinney wrote:
> > chkrootkit -x lkm
>
> All I get from this command is the following...
>
> ROOTDIR is `/'

Okay, try to cd to the /usr/lib/chkrootkit directory and then issue the command. You can also issue the command:

/usr/lib/chkrootkit/chkproc -v -v

directly as this is the command that triggers the lkm rootkit warning when it detects processes that are not reported by the ps command.

On some of my systems, some of the mysql processes are hidden and show up with this command. Others include the monitoring daemon for my APC UPS and I think a couple of others have done so in the past.

Usually, when I run my chkrootkit process, I separately have a crond to run the chkrootkit -x lkm to get a listing of those hidden processes to make sure that I am not missing anything. If a rootkit process is running and is hidden, you should see it listed there so that at least you KNOW there is a problem. Recovering from a rootkit is non-trivial.

-- 
Bryan Phinney
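
The comparison described in the message above (IDs that exist under /proc but that ps does not report), as an added example; it is not chkrootkit's chkproc code and not part of the original post. It assumes Linux with procps ps, and the function names are hypothetical. It compares against thread IDs as well as PIDs, because /proc/<tid> resolves by direct lookup for threads and would otherwise look hidden.

```shell
#!/bin/sh
# Added example (not chkrootkit code): find IDs that resolve under /proc
# but are absent from the ps listing. Function names are hypothetical.

# missing_from_ps PS_LIST PROBED_LIST
# Print every ID in PROBED_LIST (one per line) that PS_LIST does not contain.
missing_from_ps() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next }
         !($1 in seen)' "$1" "$2"
}

# ps_ids: every thread ID ps is willing to report. With -L the list covers
# threads too; a thread group leader's ID equals its PID.
ps_ids() {
    ps -eL -o lwp= | tr -d ' ' | sort -un
}

# probe_ids: IDs 1..pid_max whose /proc/<id> directory resolves by direct
# lookup, which does not depend on a directory read of /proc.
probe_ids() {
    max=$(cat /proc/sys/kernel/pid_max 2>/dev/null || echo 32768)
    id=1
    while [ "$id" -le "$max" ]; do
        [ -d "/proc/$id" ] && echo "$id"
        id=$((id + 1))
    done
}

# scan: report IDs missing from ps in two consecutive passes, which filters
# out processes that merely started or exited between the snapshots.
scan() {
    tmp=$(mktemp -d) || return 1
    ps_ids > "$tmp/ps1"
    probe_ids > "$tmp/probe1"
    missing_from_ps "$tmp/ps1" "$tmp/probe1" > "$tmp/pass1"
    ps_ids > "$tmp/ps2"
    missing_from_ps "$tmp/ps2" "$tmp/pass1" | while read -r id; do
        [ -d "/proc/$id" ] || continue
        printf 'hidden from ps: %s (%s)\n' "$id" \
            "$(cat "/proc/$id/comm" 2>/dev/null || echo unknown)"
    done
    rm -rf "$tmp"
}

# Run the live scan only when asked: sh hidden.sh --scan
if [ "${1:-}" = "--scan" ]; then scan; fi
```

An empty result from --scan means only that this one comparison found nothing; the full PID range walk can take a while on systems with a large pid_max.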
