> > Checking `lkm'... You have 3 process hidden for readdir command > > You have 3 process hidden for ps command > > Warning: Possible LKM Trojan installed > > > > Sometimes chkrootkit returns nothing detected and every time rkhunter > > tells me nothing is wrong. Is this a false positive with chkrootkit and > > debian woody?
No. I dont get that error. What I can note is that one time one ofthe servers got stuffed up for some reason (the RAID array borked at the wrong moment or something) and something weird happened to /proc or such. We actually didn't know this at the time, so we ran chkrootkit (the backports.org version) and found a similar error to your's. We were all frantic, checking the backups and everything, until we checked the logs and saw RAID error. We rebooted the server and re-ran chkrootkit and all was fine. This certainly does not mean the same in your case, but just though you might want to know. Jas
