[clug] More info
Pearl Louis
pearl.louis at anu.edu.au
Mon Mar 29 16:17:24 GMT 2004
> What on earth is going on? Is this a bug with chkrootkit? A quick google
> search seems to suggest that chkrootkit gives false positives with the LKM
> Trojan on some recent systems. Is this the case here?
>
> So any ideas guys?
>
> Pearl
As an added note, I also tried checking the processes named by cding
to /proc/<proc number>/fd and doing ls -l.
As far as I can tell the "hidden" processes are just normal
galeon/xmms/kontact stuff with references to mailboxes, galeon's cache etc.
The only suspicion ones are:
0 -> /dev/null
1 -> /home/tehanu/.xsession-errors
2 -> /home/tehanu/.xsession-errors
3 -> socket:[18061]
4 -> socket:[18065]
5 -> pipe:[18069]
6 -> pipe:[18069]
7 -> socket:[18070]
I'm not sure if that's really suspicious though...
Pearl
More information about the linux
mailing list