[Cialug] rootkit bug?

cialug@cialug.org cialug@cialug.org
Thu, 10 Mar 2005 22:57:46 +0000


Yeah, yeah, I know, I need to upgrade.  RH 7.2 is old, but it works!

On the plus side, once I changed the ps command back to "ps auxw", it found no
problems.  Maybe RH 7.2 is too old for script kiddies to pay attention to. :-)

--
Tim W.


> timwilson011@mchsi.com wrote:
> > I think there might be a problem in chkrootkit.  When it checks lkm, I get:
> > ps: error: Thread display not implemented.
> > 
> > And then I get the syntax screen for ps.  I also noticed in the log posted later
> > in this thread, it looks like lkm was skipped.  It says: "Checking `lkm'...
> > Checking `rexedcs'... not found".  Notice there isn't a result for lkm before it
> > starts checking rexedcs.
> > 
> > Looking at chkproc.c, it uses "ps mauxw", whereas chkrootkit 0.44 used "ps
> > auxw".  Evidently procps-2.0.7-11 can't handle thread display.
> > 
> > --
> > Tim W.
> 
> Tim... UPGRADE! :p
> 
> Tested it on my "old" Mandrake 9.2 system, seems to work just fine. It 
> has procps-3.1.11-2mdk.
> 
> ...
> Checking `lkm'... chkproc: nothing detected
> Checking `rexedcs'... not found
> ...
> 
> -dc
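
Added example, not part of the original thread and not chkrootkit's own code: a small filter that lists every test in a saved chkrootkit log whose "Checking `name'..." marker has no result after it, which is how the skipped lkm check shows up in the log line quoted above. The function names and the sample log are constructed for illustration, and the log is assumed to contain stdout only.

```shell
#!/bin/sh
# Constructed sample log, modelled on the lines quoted in the thread.
sample_log() {
cat <<'EOF'
Checking `ldsopreload'... not infected
Checking `lkm'... Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF
}

# Print the name of every test whose marker is followed directly by the
# next marker or by end of line, i.e. the test produced no result.
# Reads the files given as arguments, or stdin when there are none.
missing_results() {
    awk '
    {
        line = $0
        # Walk every marker on the line; a failed test leaves no newline,
        # so the next marker lands on the same line.
        while ((start = index(line, "Checking `")) > 0) {
            line = substr(line, start + 10)      # skip past the backtick
            end = index(line, "\047...")         # \047 is the closing quote
            if (end == 0) break
            name = substr(line, 1, end - 1)
            line = substr(line, end + 4)
            nxt = index(line, "Checking `")
            result = (nxt > 0) ? substr(line, 1, nxt - 1) : line
            gsub(/^[ \t]+|[ \t]+$/, "", result)
            if (result == "") print name
        }
    }' "$@"
}

sample_log | missing_results   # prints: lkm
```

Any name it prints is a check that did not actually run, so that part of the report should not be read as clean.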