Warning: Possible LKM Trojan installed

Hi everyone, still learning and this morning I've received this from chkrootkit.

/etc/cron.daily/chkrootkit:
You have     1 process hidden for readdir command
You have     1 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PACKET SNIFFER(/sbin/dhclient[200])

Then I've tried:

myhost:~# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 2
###

Which, as you see, returned nothing. I've searched around and it seems it is possible that chkrootkit returns false positives.

I use the 2.4.29-linode39-1um kernel with Debian Sarge.

Can someone explain to me what triggered this false positive today? Is it installation/upgrade of modules on the host-side?

Thanks!

0 Replies
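The chkrootkit lines in the post report PIDs that exist but are missing from a `/proc` listing or from `ps` output. The following is an added example, not part of the original post and not chkrootkit's code, that repeats that comparison over several rounds so a short-lived process seen in only one round is filtered out. It assumes Python 3, a procps-style `ps`, and a kernel that exposes `/proc/sys/kernel/pid_max`; all function names are hypothetical.

```python
import os, subprocess

def readdir_pids():
    """PIDs seen when listing /proc (the readdir view)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def ps_pids():
    """PIDs printed by ps (the ps view)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def is_thread(pid):
    """Thread IDs answer kill() but are not listed in /proc; skip them."""
    try:
        with open(f"/proc/{pid}/status") as f:
            tgid = [l.split()[1] for l in f if l.startswith("Tgid:")]
        return bool(tgid) and int(tgid[0]) != pid
    except OSError:
        return False

def probe_pids(max_pid):
    """PIDs that answer kill(pid, 0), found by trying every number."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # process exists but belongs to another user
        if not is_thread(pid):
            alive.add(pid)
    return alive

def snapshot(max_pid):
    """List before and after probing so a process that starts or exits mid-scan is less likely to be flagged."""
    rd, ps = readdir_pids(), ps_pids()
    probed = probe_pids(max_pid)
    return probed, rd | readdir_pids(), ps | ps_pids()

def persistent_hidden(rounds):
    """Keep only PIDs missing from a view in every (probed, readdir, ps) round."""
    per_round = [{"readdir": p - rd, "ps": p - ps} for p, rd, ps in rounds]
    return {k: set.intersection(*(r[k] for r in per_round)) for k in ("readdir", "ps")}

if __name__ == "__main__":
    limit = int(open("/proc/sys/kernel/pid_max").read())
    print(persistent_hidden([snapshot(limit) for _ in range(3)]))
```

A PID that stays in the result across all rounds is worth examining from trusted media; an empty result on a re-run matches a transient discrepancy.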
