[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] chkrootkit LKM Detection?

Subject: [cobalt-security] chkrootkit LKM Detection?
From: "James Zawacki" <jzawacki@xxxxxxxxxxxxxx>
Date: Sun, 05 Oct 2003 10:49:19 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,  Just out of the blue, I've just started receiving these in my chkrootkit output some nights.  Other nights it doesn't show up.

<snip>
Checking `lkm'... You have     2 process hidden for readdir command
You have     2 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... eth0 is not promisc
</snip>

Now, from my research, it soulds like it's common under RedHat?  But, why did it just start happening, and why only on this box?  None of my other Raq4's are showing this.

Thanks,
James




---------------------------------------------------------------
http://www.customlynx.com - Low cost web authoring and hosting!
Get your FREE E-mail address or give them out! (culymail.com)

Follow-Ups:
- Re: [cobalt-security] chkrootkit LKM Detection?
  - From: Eric Frisch
- Re: [cobalt-security] chkrootkit LKM Detection?
  - From: TempoWeb
- Re: [cobalt-security] chkrootkit LKM Detection?
  - From: Antonio

Prev by Date: Re: [cobalt-security] Raq3 attempt of OpenSSL Fix
Next by Date: Re: [cobalt-security] chkrootkit LKM Detection?
Previous by thread: Re: [cobalt-security] Raq3 attempt of OpenSSL Fix
Next by thread: Re: [cobalt-security] chkrootkit LKM Detection?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index