Dan
Moderator
Hello all,
I ran chkrootkit today and found a couple of things a bit curious. I've looked around and it looks like they may be ok but I thought I'd see if anyone else is having the same results.
Now the bindshell is a false positive as that is Exim's tls but the 90 hidden processes for readdir command is a bit troubling.
The last couple lines of the output of ./chkproc -v -v are
although when I try to ls /proc/32607 the folder doesn't even exist so needless to say I am more than a bit confused here.
I ran chkrootkit today and found a couple of things a bit curious. I've looked around and it looks like they may be ok but I thought I'd see if anyone else is having the same results.
Code:
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 90 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Now the bindshell is a false positive as that is Exim's tls but the 90 hidden processes for readdir command is a bit troubling.
The last couple lines of the output of ./chkproc -v -v are
Code:
PID 32607(/proc/32607): not in getpriority readdir output
You have 89 process hidden for readdir command