On Monday, 2004-01-26 at 21:38:54 +0100, Yannick Roehlly wrote: > Thiago Ribeiro <[EMAIL PROTECTED]> writes:
> > Hi, When I run tiger, I got a follow error: NEW: --WARN-- > > [rootkit004f] Chkrootkit has detected a possible rootkit installation > > NEW: Warning: Possible LKM Trojan installed But I alredy list my > > proccess and did find nothing... What's can be this? > Are you runing nautilus? > Apparently, some of the nautilus processes are hidden (I don't know why) > and thus make chkrootkit complain about possible LKM infection. > Try a: $ chkrootkit -x lkm chkrootkit has an impedance mismatch with ps. This has been discussed before. antalya:~# chkrootkit -x lkm ROOTDIR is `/' ### ### Output of: ./chkproc -v -v ### PID 3: not in ps output CWD 3: / EXE 3: / PID 4: not in ps output CWD 4: / EXE 4: / PID 5: not in ps output CWD 5: / EXE 5: / PID 6: not in ps output CWD 6: / EXE 6: / You have 4 process hidden for ps command ps -ef lists these: root 0 1 0 Jan19 ? 00:00:00 [ksoftirqd_CPU0] root 0 1 0 Jan19 ? 00:03:40 [kswapd] root 0 1 0 Jan19 ? 00:00:00 [bdflush] root 0 1 0 Jan19 ? 00:00:06 [kupdated] So ps does not give chkrootkit a PID, but /proc has those processes. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
