Hello, i believe that it is not appropriate to hide processes that, we suppose, are legitimate [1]. It is somewhat easy to parse any regular expression, and customize files/directories names of the rootkit that match it, thus avoiding its detection.
Please, use etc/chkrootkit/chkrootkit.ignore to set all the stuff you want to ignore. Greetings, Marcos [1]https://sources.debian.org/src/chkrootkit/0.55-4/debian/README.FALSE-POSITIVES/
