Date: Sat, 23 Dec 2006 21:35:58 -0500
From: "Matthew Herzog" <matthew.herzog@gmail.com>
To: "Edwin Groothuis" <edwin@mavetju.org>, "Matthew Herzog" <matthew.herzog@gmail.com>, freebsd-stable@freebsd.org
Subject: Re: chkrootkit finds 94 process hidden for readdir
Message-ID: <7cf39bb60612231835y504ff65ah554dfb007fe3af5e@mail.gmail.com>
In-Reply-To: <20061224014523.GB90165@k7.mavetju>
References: <7cf39bb60612231257p1a8a62c3g43a9da939306a59e@mail.gmail.com> <20061224014523.GB90165@k7.mavetju>

Yeah, I saw postings that referred to "time difference in ps and processing /proc" but did not know whether the postings could be trusted.
I see no strange behavior on the machine. I run chkrootkit about once a month just in case.

On 12/23/06, Edwin Groothuis <edwin@mavetju.org> wrote:
> On Sat, Dec 23, 2006 at 03:57:35PM -0500, Matthew Herzog wrote:
> > I run FreeBSD 6.1-RELEASE-p7 on an UltraSparc 5 machine.
> > I ran chkrootkit yesterday and saw this:
> >
> > Checking `lkm'... You have 94 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
>
> I thought this was related to the time difference in "ps" and the
> processing of the /proc directory.
>
> Edwin
>
> --
> Edwin Groothuis | Personal website: http://www.mavetju.org
> edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/