Package: chkrootkit
Version: 0.54-1
Severity: normal
X-Debbugs-Cc: g_w_schm...@sbcglobal.net

Dear Maintainer,

   * What led up to the situation?

Executed chkrootkit and had an error in the report

    Checking `bindshell'... not infected
    Checking `lkm'... OooPS, not expected 3778733 value
    chkproc: Warning: Possible LKM Trojan installed
    chkdirs: nothing detected

Hmm, what does that mean?

Grabbed the source and see that while reading through the output from a
'ps maux' the pid field is checked against MAX_PROCESSES

    ret = atol(p);
    if ( ret < 0 || ret > MAX_PROCESSES )
    {
        fprintf (stderr, " OooPS, not expected %ld value\n", ret);
        exit (2);
    }

and

    #define MAX_PROCESSES 99999

BUT on my system the value of pid_max is much higher

    root@desk1:~# cat /proc/sys/kernel/pid_max
    4194304

Maybe the tool could use the /proc value rather than a compiled-in value.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chkrootkit depends on:
ii  binutils               2.35.1-7
ii  debconf [debconf-2.0]  1.5.74
ii  libc6                  2.31-9
ii  net-tools              1.60+git20181103.0eebece-1
ii  openssh-client         1:8.4p1-3
ii  procps                 2:3.3.16-5

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information:
  chkrootkit/diff_mode: false
  chkrootkit/run_daily_opts: -q
  chkrootkit/run_daily: false
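
Added example (not part of the original report and not chkrootkit's own code): one way to take the PID ceiling from /proc/sys/kernel/pid_max at run time, as the report suggests, and fall back to the compiled-in 99999 only when the file cannot be read. The names read_pid_limit, parse_pid_field and FALLBACK_MAX_PID are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Compiled-in limit quoted in the report; used only as a fallback here. */
#define FALLBACK_MAX_PID 99999L

/* Largest PID to accept. proc(5) documents pid_max as one greater than
 * the maximum PID, so a value read from the file is reduced by one. */
long read_pid_limit(const char *path)
{
    char buf[32], *end;
    long v;
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return FALLBACK_MAX_PID;
    if (fgets(buf, sizeof buf, f) == NULL)
        buf[0] = '\0';
    fclose(f);
    errno = 0;
    v = strtol(buf, &end, 10);
    if (errno != 0 || end == buf || (*end != '\n' && *end != '\0') || v <= 1)
        return FALLBACK_MAX_PID;
    return v - 1;
}

/* Parse one PID field from ps output; -1 means malformed or out of range,
 * leaving the caller to decide whether to skip the line or abort. */
long parse_pid_field(const char *field, long limit)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(field, &end, 10);
    if (errno != 0 || end == field)
        return -1;
    if (*end != '\0' && *end != ' ' && *end != '\t' && *end != '\n')
        return -1;
    return (v < 0 || v > limit) ? -1 : v;
}

int main(void)
{
    long limit = read_pid_limit("/proc/sys/kernel/pid_max");
    long pid = parse_pid_field("3778733", limit); /* PID from the report */

    printf("limit=%ld pid=%ld\n", limit, pid);
    return pid < 0 ? 2 : 0;
}
```

With the limit read from the running kernel, the PID 3778733 from the report passes the range check, so the scan is not cut short by a legitimate high PID.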