Re: chkrootkit V. 0.47
Hi,
On Wednesday, 28 de November de 2007, Robert Watson <Robert Watson
<rwatson@freebsd.org>> wrote:
> On Tue, 20 Nov 2007, JP wrote:
>
> > --and--
> > Checking `lkm'... You have 131 process hidden for readdir command
> > chkproc: Warning: Possible LKM Trojan installed
>
> I wonder if it's trying to use procfs, which isn't mounted by default in
> FreeBSD, and as a result reporting that /proc is empty (which is expected).
> You could try mounting procfs and see if the message goes away, which would
> answer the question -- however, we don't generaly advise mounting procfs
> unless it is required, as it is a deprecated feature.
In fact it's a bug in the chkproc. We are working on it to be fixed in the
next chkrootkit version (0.48).
Cordeiro
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)