[Cialug] rootkit bug?

David Champion cialug@cialug.org
Thu, 10 Mar 2005 16:49:39 -0600


timwilson011@mchsi.com wrote:
> I think there might be a problem in chkrootkit.  When it checks lkm, I get:
> ps: error: Thread display not implemented.
> 
> And then I get the syntax screen for ps.  I also noticed in the log posted later
> in this thread, it looks like lkm was skipped.  It says: "Checking `lkm'...
> Checking `rexedcs'... not found".  Notice there isn't a result for lkm before it
> starts checking rexedcs.
> 
> Looking at chkproc.c, it uses "ps mauxw", whereas chkrootkit 0.44 used "ps
> auxw".  Evidently procps-2.0.7-11 can't handle thread display.
> 
> --
> Tim W.

Tim... UPGRADE! :p

Tested it on my "old" Mandrake 9.2 system, seems to work just fine. It 
has procps-3.1.11-2mdk.

...
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
...

-dc
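
An added example, not part of the original thread or of chkrootkit: a Python check that scans saved chkrootkit output for tests that printed no result before the next test began, as with the lkm line quoted above. The sample logs are constructed from the lines in this thread, and treating a "<tool>: error:" prefix as a failed helper command is an assumption.

```python
import re

# Header chkrootkit prints before each test, e.g. Checking `lkm'...
CHECK_RE = re.compile(r"Checking `([^']+)'\.\.\.")
# Assumption: a helper that failed reports itself as "<tool>: error: ...",
# as in the "ps: error: Thread display not implemented." line in the thread.
TOOL_ERROR_RE = re.compile(r"^\S+: error:", re.MULTILINE)

def find_unreported_checks(log_text):
    """Return (check_name, reason) for every test that produced no verdict."""
    headers = list(CHECK_RE.finditer(log_text))
    problems = []
    for i, header in enumerate(headers):
        # The result is whatever sits between this header and the next one.
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        result = log_text[header.end():end].strip()
        if not result:
            problems.append((header.group(1), "no result"))
        elif TOOL_ERROR_RE.search(result):
            problems.append((header.group(1), "tool error"))
    return problems

# Constructed sample: the skipped lkm test as described in the quoted message.
BROKEN_LOG = "Checking `lkm'... Checking `rexedcs'... not found\n"
# Constructed sample: the same test when stderr is captured into the log.
STDERR_LOG = (
    "Checking `lkm'... ps: error: Thread display not implemented.\n"
    "Checking `rexedcs'... not found\n"
)
# Constructed sample: the healthy output shown in the reply.
WORKING_LOG = (
    "Checking `lkm'... chkproc: nothing detected\n"
    "Checking `rexedcs'... not found\n"
)

if __name__ == "__main__":
    for label, log in (("broken", BROKEN_LOG), ("stderr", STDERR_LOG),
                       ("working", WORKING_LOG)):
        print(label, find_unreported_checks(log))
```

A test with no verdict means the scan did not cover that area, so a run that reports problems here should not be read as a clean result.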