[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] chkrootkit LKM Detection?

Subject: Re: [cobalt-security] chkrootkit LKM Detection?
From: "TempoWeb" <jl@xxxxxxxxxxxx>
Date: Sun, 5 Oct 2003 20:27:19 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I have it on one raq and think it is to do with Spam Assassin working hard.
Can not find a problem.

John



> Hello,  Just out of the blue, I've just started receiving these in my
chkrootkit output some nights.  Other nights it doesn't show up.
>
> <snip>
> Checking `lkm'... You have     2 process hidden for readdir command
> You have     2 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'... eth0 is not promisc
> </snip>
>
> Now, from my research, it soulds like it's common under RedHat?  But, why
did it just start happening, and why only on this box?  None of my other
Raq4's are showing this.
>
> Thanks,
> James
>
>
>
>
> ---------------------------------------------------------------
> http://www.customlynx.com - Low cost web authoring and hosting!
> Get your FREE E-mail address or give them out! (culymail.com)
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

References:
- [cobalt-security] chkrootkit LKM Detection?
  - From: James Zawacki

Prev by Date: Re: [cobalt-security] chkrootkit LKM Detection?
Next by Date: Re: [cobalt-security] chkrootkit LKM Detection?
Previous by thread: Re: [cobalt-security] chkrootkit LKM Detection?
Next by thread: Re: [cobalt-security] chkrootkit LKM Detection?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index