Date: Wed, 27 Aug 2003 09:40:34 -0500
From: "Lewis Watson" <lists@visionsix.com>
To: <freebsd-questions@freebsd.org>
Subject: Re: Chkrootkit anomaly
Message-ID: <00f001c36ca9$2c47ed50$df0a0a0a@vsis169>
References: <DF09779544EFD511A17D0002A587F9D305AA6699@EXCHANGE07>

> Since there have already been a couple of questions on this I thought I'd
> see if anyone could shed some light on something I've noticed since I
> started running chkrootkit. It runs every 15 minutes (overkill? Nah.) in
> quiet mode to cut down on noise in the logs, and sporadically I get these
> notifications:
>
> You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> These messages will appear only on the odd occasion, seemingly completely at
> random.
> False positives or very crafty rootkit?
> Any advice would be greatly appreciated!

Hi Sean,

I too have occasionally seen these, I am running 4.7-RELEASE. Also, thanks
for mentioning -q, I never knew there was such a thing :-)

Lewis