This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
This one time, at band camp, Michael Parkinson said:
>
> Umm, I have the same problem.
>
> If I kill Exim and Spamassassin no hidden processes reported.
>
> Under normal load sometimes get 1-7 hidden processes. Was is a state of
> panic but it does appear that Exim and Spamassassin combined do
I'm not quite sure if i'm right .. but isn't there a kernel bug
displaying some processes with PID 0 in ps or top.
maybe lkm is using this..
just a thought
greets Werner
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
I
signat
I'm not quite sure if i'm right .. but isn't there a kernel bug
displaying some processes with PID 0 in ps or top.
maybe lkm is using this..
just a thought
greets Werner
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
I
signat
In article <[EMAIL PROTECTED]> you wrote:
> Am I right to assume that this is not the lkm kit, but rather some
> weiredness in PID assignment?
it is a ps/kernel bug, try top.
Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
Am Di, den 25.11.2003 schrieb Johannes Graumann um 21:18:
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
The same here (debian_sid):
[EMAIL PROTECTED]:~# chkrootkit l
In article <[EMAIL PROTECTED]> you wrote:
> Am I right to assume that this is not the lkm kit, but rather some
> weiredness in PID assignment?
it is a ps/kernel bug, try top.
Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
--
To UNSUBSCRIBE,
Am Di, den 25.11.2003 schrieb Johannes Graumann um 21:18:
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
The same here (debian_sid):
[EMAIL PROTECTED]:~# chkrootkit l
Umm, I have the same problem.
If I kill Exim and Spamassassin no hidden processes reported.
Under normal load sometimes get 1-7 hidden processes. Was is a state of
panic but it does appear that Exim and Spamassassin combined do create false
positives.
Can this be fixed?
Mike
Le mer 26/11/20
Umm, I have the same problem.
If I kill Exim and Spamassassin no hidden processes reported.
Under normal load sometimes get 1-7 hidden processes. Was is a state of
panic but it does appear that Exim and Spamassassin combined do create false
positives.
Can this be fixed?
Mike
Le mer 26/11/20
Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
> I have the same problem.. I believe it's a bug in chkr
Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit :
> > I was just running 'chkrootkit' and came across this warning:
> >
> > > Checking `lkm'... You have 4 process hidden for ps command
> > > Warning: Possible LKM Trojan installed
>
> I have the same problem.. I believe it's a bug in chkr
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weiredness in PID assignment?
> >
> > T
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weiredness in PID assignment?
> >
> > T
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'...
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'...
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
> I did some reading and
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
> I did some reading and
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahead and manually checked the output of '
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahead and manually checked the output of '
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running 'chkrootk
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running 'chkrootk
On Mon, 2003-05-26 at 23:27, IC0N wrote:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Sometimes I get 2 or 3 processes, sometimes NONE
>
If a process is created between the output of ps
On Mon, 2003-05-26 at 23:27, IC0N wrote:
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> Sometimes I get 2 or 3 processes, sometimes NONE
>
If a process is created between the output of ps
the prog compare the proc list in /proc and the output of command 'ps'.
So, when the chkrootkit will list in /proc, and then get an output from ps,
the time between two operation is larger enough to create others process
(or die/kill)...
that's why this check is not VERY reliable.
E.
--
Eric L
Bonjour
as Jacques Lavignotte <[EMAIL PROTECTED]> and Jens Schuessler
<[EMAIL PROTECTED]> posted in their mails at 7th of March 2003 i have
exactly the same alert message using chkrootkit:
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Wa
* Jacques Lav!gnotte <[EMAIL PROTECTED]> [07-03-03 14:05]:
>
> Bonjour...
>
> When running from a shell logged on the machine I get :
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
* Jacques Lav!gnotte <[EMAIL PROTECTED]> [07-03-03 14:05]:
>
> Bonjour...
>
> When running from a shell logged on the machine I get :
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there knownes 'fals
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there knownes 'fals
34 matches
Mail list logo
