[clug] More info

Pearl Louis pearl.louis at anu.edu.au
Mon Mar 29 16:17:24 GMT 2004


> What on earth is going on?  Is this a bug with chkrootkit?  A quick google
> search seems to suggest that chkrootkit gives false positives with the LKM
> Trojan on some recent systems.  Is this the case here?
>
> So any ideas guys?
>
> Pearl

As an added note, I also tried checking the processes named by cding 
to /proc/<proc number>/fd and doing ls -l.

As far as I can tell the "hidden" processes are just normal 
galeon/xmms/kontact stuff with references to mailboxes, galeon's cache etc.  
The only suspicion ones are:

0 -> /dev/null
1 -> /home/tehanu/.xsession-errors
2 -> /home/tehanu/.xsession-errors
3 -> socket:[18061]
4 -> socket:[18065]
5 -> pipe:[18069]
6 -> pipe:[18069]
7 -> socket:[18070]

I'm not sure if that's really suspicious though...

Pearl


More information about the linux mailing list