OpenVZ Forum: Users » error from RkHunter and ChkRootKit

Home » Mailing lists » Users » error from RkHunter and ChkRootKit

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: error from RkHunter and ChkRootKit [message #12745 is a reply to message #12737]

Tue, 08 May 2007 14:40

Gregor Mosheh
Messages: 62
Registered: April 2007

Member

> Markus Hardiyanto <informatics2k1@yahoo.com> writes:
>> I install RkHunter and ChkRootKit inside VE.
>> Performing 'known good' check...
>> /bin/kill [ BAD ]
(etc)
> Yes and no -- those are modified from the standard packages you would
> have in a normal system, but the modification is to be expected with

Thanks for the reply on this. Starting over the next few days, I was about
to implement our policy of using chkrootkit and rkhunter on customer VEs.
so this was good to know ahead of time.

What is the nature of the modifications, and to which files? We're running
Slackware (actuallly, HostGIS Linux, which is Slackware-based) using a
hand-made template cache I made per some directions I found in the Wiki.
So if some binaries need to be modified, that'd be good to know too.

>> from ChkRootKit:
>> Checking `lkm'... You have 74 process hidden for readdir command
>> chkproc: Warning: Possible LKM Trojan installed
> Again, probably expected: the proc file system within the VE isn't
> identical to a physical system.

Right. Still a scary message to receive. What is the nature of the
discrepancy here? What would show up in the VE's /proc area that wouldn't
also show up in their ps output?

More importantly: Is it even possible for a VE to load a kernel module at
all? Or is a LKM check completely irrelelvant in a VE context?

--
HostGIS
Cartographic development and hosting services
707-822-9355
http://www.HostGIS.com/

"Remember that no one cares if you can back up, only if you can restore."
- AMANDA

Report message to a moderator

[Message index]

		error from RkHunter and ChkRootKit By: Markus Hardiyanto on Tue, 08 May 2007 02:40
		Re: error from RkHunter and ChkRootKit By: Daniel Pittman on Tue, 08 May 2007 12:12
		Re: error from RkHunter and ChkRootKit By: Gregor Mosheh on Tue, 08 May 2007 14:40
		Re: error from RkHunter and ChkRootKit By: Markus Hardiyanto on Wed, 09 May 2007 02:20
		Re: error from RkHunter and ChkRootKit By: Vasily Tarasov on Wed, 09 May 2007 08:56

Previous Topic:	VLAN Setup
Next Topic:	kernel oops

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sun Jul 14 07:02:00 GMT 2024

Total time taken to generate the page: 0.02682 seconds