Date:      Wed, 28 Nov 2007 10:36:29 -0200
From:      Luiz Eduardo Roncato Cordeiro <cordeiro@cert.br>
To:        freebsd-security@freebsd.org
Subject:   Re: chkrootkit V. 0.47
Message-ID:  <200711281036.31180.cordeiro@cert.br>
In-Reply-To: <20071128114355.D80898@fledge.watson.org>
References:  <200711200941.52719.johnpollock@bellsouth.net> <20071128114355.D80898@fledge.watson.org>

Hi,

On Wednesday, 28 November 2007, Robert Watson <rwatson@freebsd.org> wrote:
> On Tue, 20 Nov 2007, JP wrote:
> 
> > --and--
> > Checking `lkm'... You have   131 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
> 
> I wonder if it's trying to use procfs, which isn't mounted by default in 
> FreeBSD, and as a result reporting that /proc is empty (which is expected). 
> You could try mounting procfs and see if the message goes away, which would 
> answer the question -- however, we don't generally advise mounting procfs 
> unless it is required, as it is a deprecated feature.

In fact it's a bug in chkproc. We are working on it to be fixed in the 
next chkrootkit version (0.48).

Cordeiro

> 
> Robert N M Watson
> Computer Laboratory
> University of Cambridge