Thanks to everybody who was taking the time to soothe the novice ... ;0)

Joh

On Tue, 25 Nov 2003 12:18:35 -0800 Johannes Graumann <[EMAIL PROTECTED]> wrote:

> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
> I did some reading and made sure the number is not changing (due to
> running 'chkrootkit' while new processes are started and /proc and
> 'ps' are not synchronized) - it remains 4.
> I then went ahead and manually checked the output of 'ls -a /proc'
> against that of 'ps -A' and found out that there are 4 processes in
> /proc (3-6) which don't show up as PIDs in the 'ps -A' output. There
> are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> in existence that show a PID of 0.
> Am I right to assume that this is not the lkm kit, but rather some
> weirdness in PID assignment?
>
> The same PID thing is happening on my testing/unstable laptop -
> compromised as well or something else amiss in the distro, maybe
> related to the server break-ins?
>
> Any comment is highly appreciated.
>
> Joh
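
The manual cross-check described in the quoted message ('ls -a /proc' against 'ps -A') as a small script. This is an added example, not part of the original thread; the sample listings are constructed to mirror the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check an `ls -a /proc` listing against `ps -A` output.
LC_ALL=C; export LC_ALL   # keep sort and comm on the same collation order

# Numeric entries (PIDs) from a saved `ls -a /proc` listing, one per line.
pids_from_proc() { grep -E '^[0-9]+$' "$1" | sort -u; }

# PID column from saved `ps -A` output, header line skipped.
pids_from_ps() { awk 'NR > 1 && $1 ~ /^[0-9]+$/ { print $1 }' "$1" | sort -u; }

# PIDs present in /proc but absent from ps, space-separated, numeric order.
hidden_pids() {
    a=$(mktemp); b=$(mktemp)
    pids_from_proc "$1" > "$a"; pids_from_ps "$2" > "$b"
    comm -23 "$a" "$b" | sort -n | tr '\n' ' ' | sed 's/ $//'
    rm -f "$a" "$b"
}

# Command names that ps lists with a PID of 0, in listing order.
pid0_names() {
    awk 'NR > 1 && $1 == 0 { print $NF }' "$1" | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample input modelled on the post (not captured from a real host).
write_sample() {
    printf '%s\n' . .. 1 2 3 4 5 6 7 120 cpuinfo meminfo > "$1/proc.txt"
    cat > "$1/ps.txt" <<'EOF'
  PID TTY          TIME CMD
    1 ?        00:00:04 init
    2 ?        00:00:00 keventd
    0 ?        00:00:00 ksoftirqd_CPU0
    0 ?        00:00:00 kswapd
    0 ?        00:00:00 bdflush
    0 ?        00:00:00 kupdated
    7 ?        00:00:00 kjournald
  120 ?        00:00:00 syslogd
EOF
}

# Demo run on the constructed sample: print both sides of the mismatch.
d=$(mktemp -d)
write_sample "$d"
echo "in /proc, not in ps:   $(hidden_pids "$d/proc.txt" "$d/ps.txt")"
echo "listed by ps as PID 0: $(pid0_names "$d/ps.txt")"
rm -rf "$d"
```

On a live system, save the output of 'ls -a /proc' and 'ps -A' to two files and pass them to hidden_pids and pid0_names; the two results can then be compared side by side.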