[On 04 Dec, @07:24, Paul wrote in "Re: chkrootkit and linux 2.6 ..."] > I see this same behavior with 2.6.0-test8. Chkrookit comes up with 42 > processes possibly caused by LKM rootkit. I would have 69 processes > running with 42 of them owned by root. When I boot back to 2.4.23, it > comes up with the 4 mentioned in the bug. I'm no Linux master by any > means, but I'm just guessing that being owned by root is the kicker in > this instance. Either that, or I'm screwed ;)
a 'chkrootkit -x lkm' was helpfull for me in this case - looks like the lkm test is fooled by threaded applications: xmms, named, etc... On my laptop killing X was enough the shut chkrootkit up: with X: 2 hidden processes without: none grtz Miek
