I hope that is normal and there is no need to worry. Nice one Chuck! ;-)
Regards,
-Nikolay Kichukov
On Sat, 2006-04-29 at 23:23 -0400, Chuck wrote:
i just ran chkrootkit on our vserver host and got this... i suspect this is a
result of the vserver patches and is normal? or should i worry?
On Sunday 30 April 2006 06:18 am, Nikolay Kichukov wrote:
it appears it is a normal report. after discussion with the developers, i find
that our mail server runs many hidden/private processes momentarily and since
we have ssl/tls enabled this is a normal result on port 465.
I hope that is
On Sunday 30 April 2006 05:38 am, Daniel Kraft wrote:
Chuck wrote:
[...]
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
[...]
See my message in this ML from 2006-04-03:
Incredible!!!
with all the new vserver created I have this problem:
chkrootkit result
Possible LKM Trojan installed found!!!
I have try to change many sources of mirror
without to resolve the problem
help me!
reby.
Result of chkrootkit version 0.44:
...
...
Checking `lkm'...
dpkg -l result:
ii kernel-image-2 2.4.27-10sarge Linux kernel image
for version 2.4.27 n 386
ii kernel-package 8.135 A utility for building Linux kernel related
ii kernel-patch-v 1.9.5.5 context switching virtual private servers -
ii kernel-source- 2.4.27-10sarge Linux kernel source
Hi!
Possible LKM Trojan installed found!!!
Please keep in mind, that LKM seems to be a false positive many times
with chkrootkit, because chkrootkit in this case seems to test only
against processes that don't show up everywhere (afaik a diff with ps
and /proc). Please rescan after a reboot or
