[olug] lkm problems
Don Kauffman
dekauff at cox.net
Wed Oct 6 16:25:17 UTC 2004
Thank you to both Phil and Dave,
I'm pretty much satisfied that my system has not been compromised and I
will keep a closer eye on it.
The problem: chkrootkit was getting confused. I did a test with rkhunter
provided by the Suse web page that Phil pointed me to. It came back that
lkm is not a problem.
I did my own hack at comparing the two lists but Dave's hack looks a lot
simpler.
Thanks,
Don K
On Tue, 2004-10-05 at 23:42, Phil Brutsche wrote:
> Don Kauffman wrote:
> > I'm running the stock Suse 9.1
> >
> > I have about 17 processes running that are hidden according to
> > chkrootkit-0.43.
>
> Chances are chkrootkit is getting confused by the NPTL multithreading
> mechanism used by all 2.6 kernels.
>
> Check out this link:
>
> http://portal.suse.com/sdb/en/2004/08/pohletz_chkroot_infected_progs.html
More information about the OLUG
mailing list