[olug] lkm problems
Don Kauffman
dekauff at cox.net
Wed Oct 6 04:05:16 UTC 2004
Since Adam posted his synopsis of security problems I got curious to
find out if I had been compromised yet. I'm running the stock Suse 9.1
install and have the firewall up.

I have about 17 processes running that are hidden according to
chkrootkit-0.43.

"Checking `lkm'... You have 17 process hidden for readdir command
You have 17 process hidden for ps command
Warning: Possible LKM Trojan installed "

How do I determine that this is the case and what do I do about it? I
checked the pids in ps against those in /proc and came up with only two
differences. If there are 17 different ones then I'm way off.

Thanks for any advice. I'm hoping there is a way that doesn't involve
reloading Suse 9.1 on the box because that is a royal pain to have to
do. If that's the only way to do it, I'll get it done somehow.

Don Kauffman
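
The readdir-versus-lookup comparison behind the warning quoted above, as an added example that is not part of the original post and is not chkrootkit's code. It goes one step further and separates thread ids (reachable at /proc/<tid> but never returned by a directory listing on a threaded kernel) from ids that have no listed owner. Assumptions: a Linux /proc whose status files carry the Pid: and Tgid: fields; the function names are made up for this sketch.

```python
#!/usr/bin/env python3
"""Cross-check the /proc directory listing against direct id lookups."""
import os
import re


def parse_status(text):
    """Return (pid, tgid) from the text of a /proc/<n>/status file."""
    fields = dict(re.findall(r"^(Pid|Tgid):\s+(\d+)", text, re.M))
    return int(fields["Pid"]), int(fields["Tgid"])


def classify(listed, probed):
    """listed: ids seen via readdir; probed: {id: status text} for every id
    that answered a direct lookup. Returns (threads, hidden), both sorted."""
    threads, hidden = [], []
    for n in sorted(set(probed) - set(listed)):
        try:
            pid, tgid = parse_status(probed[n])
        except (KeyError, ValueError):
            hidden.append(n)  # status unreadable: treat as suspicious
            continue
        # A thread reports Tgid != Pid and its group leader is in the listing.
        if pid == n and tgid != n and tgid in listed:
            threads.append(n)
        else:
            hidden.append(n)
    return threads, hidden


def scan(proc="/proc"):
    """Collect both views from the running system and classify them."""
    def listing():
        return {int(d) for d in os.listdir(proc) if d.isdigit()}
    with open(os.path.join(proc, "sys/kernel/pid_max")) as f:
        max_pid = int(f.read())
    listed, probed = listing(), {}
    for n in range(1, max_pid + 1):
        try:
            with open(f"{proc}/{n}/status") as f:
                probed[n] = f.read()
        except OSError:
            continue  # no such id, or it exited during the scan
    listed |= listing()  # count processes that started during the scan
    return classify(listed, probed)


if __name__ == "__main__":
    threads, hidden = scan()
    print(f"{len(threads)} thread ids reachable but not listed")
    print(f"{len(hidden)} ids with no listed owner: {hidden}")
```

A count of thread ids that matches the number in the warning points to a false positive from threaded programs. Both views come from the running kernel, so a clean result is only as trustworthy as that kernel; ids left in the second list are best examined from boot media known to be clean.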