On 4 April 2011 22:59, Paul Hartman <paul.hartman+gentoo@×××××.com> wrote:

> If you're suspicious of your "ps" binary I would do "which ps" to be
> sure ps is the one you really expect. Maybe re-emerge procps to
> replace it, too.
>
>> The tty of the following user process(es) were not found
>> in /var/run/utmp !
>> ! RUID PID TTY CMD
>
> I do get this message (with my X process listed below it)
>
>> however, rkhunter shows:
>>
>> Heroin LKM [ Not found ]
>>
>> Is this different to LKM Trojan mentioned above?
>
> I think LKM is just shorthand for "Loadable Kernel Module", not the
> name of any particular trojan.

Thanks Paul, I ran chkrootkit again manually this morning and none of
the previous warnings showed up.

The warnings were generated last time the cron job ran chkrootkit. I
think that the box was rather busy in the middle of emerging stuff at
the time, so I wonder if that had something to do with it.

I re-emerged procps just as a precaution.
--
Regards,
Mick