1 Feb
2004
1 Feb
'04
05:25
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry to keep replying to my own posts but I fear others may have lost interest. Here's another update On Saturday 31 January 2004 03:52 pm, David Herman wrote: > ran chkroot (chkrootkit-0.43, Sat Dec 27 2003) and it gave the > results > Checking `top'... INFECTED > and > Checking `lkm'... You have 5 process hidden for ps command - ---------------snip--------------- > I'm curious if checkroot couldn't be confused by a newer > version of a command. As for the "5 process hidden for ps", is there > a way for me to find out what these proscesses are? > > As further investigation I installed the previous rpm > (ps-2003.9.20-6.i586.rpm) from SuSE and then ran checkroot again, > this time no errors were reported. Then reinstalled the rpm from the > apt repository and the errors appear again. Continuing my investigation I booted up my test machine w/ SuSE 9.0 ran checkrootkit and it showed all clean. Then I used synaptic and updated ps (ps_2003.11.17-18_i586.rpm) and nothing else then I ran chkroot again and the errors are there. Once again, the rpm leading to the error was downloaded w/synaptic and can be found at ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.0-i386/RPMS.suse-people/ps_2003.11.17-18_i586.rpm and checkrootkit is available at http://www.chkrootkit.org/ the version (chkrootkit 0.43) is dated Sat Dec 27 2003 If it's not a mistake on the part of checkrootkit (which I suspect it may be) then I would suggest that anyone who has performed that update take the appropriate steps. Yes I'm hoping not to do a re-install, I just finished setting this system up from a fresh ftp install less than 2 weeks ago, and it required alot of re-configuration. I really don't want to go through that again if I don't have to. I eagerly await your responses. - -- dh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAHI3UBwgxlylUsJARArfbAJ4kRaRsGN3uchfVL3FKqr2ZX7iIRQCbBKgm clFQvj/cy3ei8112a+OF4qE= =NDHr -----END PGP SIGNATURE-----