[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Chkrootkit problem

Subject: [cobalt-security] Chkrootkit problem
From: "Lawrence Frewin of Accommodation.com" <Lawrence@xxxxxxxxxxxxxxxxx>
Date: Sun, 11 Mar 2001 11:09:05 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I have started running chkrootkit (from www.chkrootkit.org) on one of our
RAQ3's with some odd results. If I run Chkrootkit 10 times, one after the
other, on about 3 of those runs it will randomly return the message:

"You have1 process hidden for ps command Warning: Possible LKM Trojan
installed"

If I run "chkrootkit -x", it also occasionally returns:

"PID 26192: not in readdir output
PID 26192: not in ps output
You have     1 process hidden for readdir command
You have     1 process hidden for ps command"

On the other 7 runs out of the 10, chkrootkit finds no problems at all.  The
hidden processes seemingly live and die very quickly.

Running "top -i" shows no untoward processes, there is nothing in crontab,
and nothing else about the machine seems to be unusual.

This problem does not appear on another recently rebuilt RAQ we have
however.

Can anyone enlighten us as to what could be causing it?

LF

Follow-Ups:
- Re: [cobalt-security] Chkrootkit problem
  - From: shimi

References:
- [cobalt-security] What is robots.txt?
  - From: Siao Yuan Tan
- Re: [cobalt-security] What is robots.txt?
  - From: Robbert Hamburg

Prev by Date: Re: [cobalt-security] What is robots.txt?
Next by Date: Re: [cobalt-security] What is robots.txt?
Previous by thread: Re: [cobalt-security] What is robots.txt?
Next by thread: Re: [cobalt-security] Chkrootkit problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index