I apologize; I botched that one sentence Doing ps -A -m shows the additional threads so this does NOT seem to be what chkrootkit is griping about. ----- Original Message ----- From: "Jason" <monty19@hotmail.com> To: <psyche-list@redhat.com> Sent: Tuesday, October 08, 2002 3:55 PM Subject: Re: LKM Trojan? and some other question > I just ran chkrootkit like this and I don't get the warning regarding the > lkm trojan. I am in fact running named though and doing ps -A shows only > the single process. Doing ps -A -m shows the additional threads so this > does seem to be what chkrootkit is griping about. Have you used > /usr/sbin/lsof -i to see if you have any strange listening ports? Have you > run ps -A -m to list all threads? Have you used weak passwords on your > system? You might also want to look up information specifically on lkm and > see if you can track down anything suspicious. It might also be a really > good idea to use some type of firewalling software like lokkit or > firestarter etc as prevention in the future. > > Just some thoughts. Hope this helps. > > Jason > x2452 > > ----- Original Message ----- > From: "M A Young" <m.a.young@durham.ac.uk> > To: <psyche-list@redhat.com> > Sent: Tuesday, October 08, 2002 2:38 PM > Subject: Re: LKM Trojan? and some other question > > > > On Tue, 8 Oct 2002, Hesty P wrote: > > > > > After installing RH 8.0, I ran chkrootkit and it > > > reports that some LKM trojan might exist. Running: > > > ./chkrootkit -x lkm > > > reveals that there are 6 processes hidden from ps. Is > > > this any cause for concern? I did run ethereal and > > > cannot see anything out of ordinary. > > > > Unless you have some really efficient hackers, it is more likely to be the > > change to ps which no longer shows multiple threads. There is only one > > security advisory for 8.0 (fetchmail), and I doubt hackers have time to > > exploit it yet. > > > > Michael Young > > > > > > > > -- > > Psyche-list mailing list > > Psyche-list@redhat.com > > https://listman.redhat.com/mailman/listinfo/psyche-list > > > > > > -- > Psyche-list mailing list > Psyche-list@redhat.com > https://listman.redhat.com/mailman/listinfo/psyche-list >
