Chuck wrote:
[...]
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> chkproc: Warning: Possible LKM Trojan installed
[...]

See my message in this ML from 2006-04-03:

###
Please keep in mind that LKM seems to be a false positive many times with chkrootkit, because chkrootkit in this case seems to test only against processes that don't show up everywhere (afaik a diff with ps and /proc). Please rescan after a reboot or so and look at this:

Manfred Sindhoff wrote 22 May 2004 in debian-user-german:
"The lkm check is known to produce false positives for NPTL kernels (2.6 kernels or 2.4 with NPTL patches). Common multithreaded programs which will show this behaviour are slapd, mozilla and apache2 if you use one of its threading MPMs."
(http://www.wiggy.net/debian/developer-securing/)
###

HTH
Daniel

-- 
Daniel Kraft
Heilmeyersteige 131
D-89075 Ulm
Tel: +49 700 572383-66
Fax: +49 700 572383-29
Certs: http://www.spotlite.de/web/kontakt.html
[EMAIL PROTECTED]

*** krafthost - professional business hosting http://www.krafthost.de/ ***
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
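
A way to triage the warning discussed in this thread, as an added example that is not part of the original messages or of chkrootkit. It assumes the check compares the directory listing of /proc with direct probes of /proc/<id>, and it marks an ID as a thread when its Tgid points at a process that is listed; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Triage IDs that resolve under /proc but are absent from its directory listing.

Added illustration; all function names here are hypothetical.
"""
import os


def parse_status(text):
    """Extract the Name, Pid and Tgid fields from /proc/<id>/status content."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("Name", "Pid", "Tgid"):
            fields[key] = value.strip()
    return fields


def triage(listed, reachable, read_status):
    """Classify each ID that is reachable by path but missing from readdir.

    'thread': Tgid differs from the ID and the owning process is listed.
    'unexplained': anything else; recheck it, since a process that started
    between the listing and the probe also lands here.
    """
    report = {}
    for pid in sorted(set(reachable) - set(listed)):
        st = parse_status(read_status(pid) or "")
        tgid = int(st["Tgid"]) if st.get("Tgid", "").isdigit() else None
        is_thread = tgid is not None and tgid != pid and tgid in listed
        report[pid] = ("thread" if is_thread else "unexplained", tgid, st.get("Name", "?"))
    return report


def scan_proc(proc="/proc"):
    """Gather both views from a live system (Linux only)."""
    with open(os.path.join(proc, "sys/kernel/pid_max")) as f:
        max_pid = int(f.read())
    listed = {int(n) for n in os.listdir(proc) if n.isdigit()}
    reachable = {p for p in range(1, max_pid) if os.path.isdir(f"{proc}/{p}")}

    def read_status(pid):
        try:
            with open(f"{proc}/{pid}/status") as f:
                return f.read()
        except OSError:  # task exited between probe and read
            return None

    return listed, reachable, read_status


if __name__ == "__main__":
    for pid, (kind, tgid, name) in triage(*scan_proc()).items():
        print(f"{pid}\t{kind}\ttgid={tgid}\tname={name}")
```

Rows reported as `thread` correspond to the NPTL case quoted above; a row that stays `unexplained` across repeated runs is the one to investigate.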
