Re: Hacked or not ?
I have seen this as well, it is most likely a false positive.
Additionally, slower or more heavily loaded machines seem more likely to
generate false positive for LKM.
As a side note, there really ought to be a way for admins to double check
the output from chkrootkit Google helps little. Any offers..?
Jon
> Hi all,
>
> please advice me - I was on holidays for one week. After return I found
in security mails from router (chkrootkit) following message:
> Checking `lkm'... You have 1 process hidden for readdir command You
have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> It apeared only onece. From previous and next days reports, the message
is not present.
>
> How could I be sure, the machine is not hacked ?
>
> Many thanks for any response.
>
> Peter Rosa
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 13 之 17 篇):