Wackojacko on 21/08/08 20:32, wrote:
Adam Hardy wrote:
However, using
#chkrootkit -x lkm
and
#/usr/lib/chkrootkit/chkproc -v -v
Wacko,
you haven't got a script that does that have you? (Identifying the
process that is hidden from /proc/PID?) Seems a bit laborious doing it
manually more than once.
As per my original mail above, these two commands will show you the
hidden processes.
First one asks chkrootkit why it thinks there is an LKM Trojan on the
system.
Second one is the helper script run by chkrootkit that lists the hidden
processes but can be run directly.
I am still seeing output from these commands, but the daily chkrootkit
email warning of LKM Trojan has now disappeared!!
Thanks for the low-down on chkrootkit.
That's the same behaviour from chkrootkit that I am seeing too. In my case the
hidden processes are all java, children of the process that is listed by ps.
It reminds me of an old bug with java and linux where ps would show multiple
processes for the java process. I doubt it's related to this issue but it makes
me suspect a bug.
Regards
Adam
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
