New How do I check if a patch has been applied
chkrootkit kept reporting:
You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Some googling showed lots of people having this issue after upgrading to 2.6 kernel. Finally found an [link|http://lists.samba.org/archive/linux/2004-March/010322.html|answer], which said there was a patch in March 2004. I wouldn't think I should still be having this problem.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New check for sticky bits :-)
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 50 years. meep
New You funny guy
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Here's the patch.
[link|http://marc.theaimsgroup.com/?l=chkrootkit-users&m=107425472909946&w=2|chkrootkit-users Mailing List Archive] - from January 2004.

Presumably you could check the source versus the information in the patch and see if it's applied.

HTH.

Cheers,
Scott.
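
An added example, not part of the post above or of chkrootkit: one way to do the suggested comparison of a source file against a patch, by checking whether each hunk's "before" or "after" lines are present. It assumes a single-file unified diff; the function names, the sample patch and the sample sources are constructed for illustration.

```python
import re

HUNK_HEADER = re.compile(r"^@@ -\d+(,\d+)? \+\d+(,\d+)? @@")

def hunk_sides(patch_text):
    """Yield (old_lines, new_lines) for each hunk of a single-file unified diff."""
    old, new, in_hunk = [], [], False
    for line in patch_text.splitlines():
        if HUNK_HEADER.match(line):
            if in_hunk:
                yield old, new
            old, new, in_hunk = [], [], True
        elif not in_hunk or line.startswith("\\"):
            continue                      # file headers, "\ No newline" marker
        elif line.startswith("+"):
            new.append(line[1:])          # present only after patching
        elif line.startswith("-"):
            old.append(line[1:])          # present only before patching
        else:
            old.append(line[1:])          # context line: on both sides
            new.append(line[1:])
    if in_hunk:
        yield old, new

def contains_run(lines, run):
    """True if `run` occurs as a contiguous block of lines in `lines`."""
    return any(lines[i:i + len(run)] == run
               for i in range(len(lines) - len(run) + 1))

def patch_status(source_text, patch_text):
    """Return 'applied', 'not applied' or 'unknown' for the given source."""
    src = source_text.splitlines()
    hunks = list(hunk_sides(patch_text))
    after = [contains_run(src, new) for _, new in hunks]
    before = [contains_run(src, old) for old, _ in hunks]
    if hunks and all(after) and not any(before):
        return "applied"
    if hunks and all(before) and not any(after):
        return "not applied"
    return "unknown"                      # mixed, ambiguous or drifted source

# Constructed sample, not the chkrootkit patch from the linked post.
SAMPLE_PATCH = """\
--- a/scan.c
+++ b/scan.c
@@ -1,4 +1,5 @@
 int scan(int pid)
 {
-    return lookup(pid);
+    if (pid < 1) return 0;
+    return lookup(pid) != 0;
 }
"""
UNPATCHED = "int scan(int pid)\n{\n    return lookup(pid);\n}\n"
PATCHED = ("int scan(int pid)\n{\n    if (pid < 1) return 0;\n"
           "    return lookup(pid) != 0;\n}\n")
```

A result of "unknown" means the file matches neither side cleanly, for example because the surrounding code has changed since the patch was written, and needs a manual look.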
New Stop using that program...
It doesn't really do what you think it is doing.

The hidden process is one of the dead or zombied processes running from chkrootkit.

Don't use it. Debian user gets hammered with that question probably 50 times a month. People then argue about it and continue to argue when a new "report" from a newb comes along.

It is not that I don't like chkrootkit, it's just that you don't need to worry about it... mainly because you don't have *BAD* practices like using "root" as your user. Or just applying any package that comes along because it looks cool.

Yeah, argue with me over this. And you soon learn what I really think about host based "rootkit" checkers.

They are but one tool type.

--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
     How do I check if a patch has been applied - (drewk) - (4)
         check for sticky bits :-) -NT - (boxley) - (1)
             You funny guy -NT - (drewk)
         Here's the patch. - (Another Scott)
         Stop using that program... - (folkert)
