SBDavid
Sep 22nd, 2011
Chkrootkit outputs hidden processes and LKM warning
Chkrootkit outputs hidden processes and LKM warnings.
The LKM warning appears whenever “hidden” processes are found. These are usually processes that have started between the different checks that chkrootkit runs while processing. Usually they are mysql, httpd or exim processes. You can get more information about which processes are being caught using:
cd /root/chkrootkit-0.*
./chkrootkit -x lkm
When you run it you will probably find that it returns anything from none to several process
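One way to re-check the PIDs that the command above reports, as an added example that is not part of the original post or of chkrootkit: each PID is compared against /proc and a fresh ps listing over several rounds, so processes that merely started or exited between checks drop out. The function names, the labels and the `PROC_ROOT` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: re-check PIDs that "chkrootkit -x lkm" listed as hidden.
# Usage: sh triage.sh PID [PID ...]

# One PID per line for every process that ps can see.
snapshot_ps() {
    ps -e -o pid= | tr -d ' '
}

# classify_pid PID PROC_ROOT PS_FILE
# Prints one label (names chosen for this example):
#   visible  - in /proc and in ps: the earlier report was a timing artifact
#   exited   - in neither: a short-lived process that is already gone
#   mismatch - in one view but not the other: still inconsistent
classify_pid() {
    pid=$1 proc_root=$2 ps_file=$3
    in_proc=no in_ps=no
    if [ -d "$proc_root/$pid" ]; then in_proc=yes; fi
    # -x matches the whole line, so PID 10 does not match 101.
    if grep -qx -- "$pid" "$ps_file"; then in_ps=yes; fi
    case "$in_proc/$in_ps" in
        yes/yes) echo visible ;;
        no/no)   echo exited ;;
        *)       echo mismatch ;;
    esac
}

# triage ROUNDS PID...
# A PID is called "persistent" only if it is a mismatch in every round.
triage() {
    rounds=$1; shift
    tmp=$(mktemp)
    for p in "$@"; do
        verdict=persistent
        i=0
        while [ "$i" -lt "$rounds" ]; do
            snapshot_ps > "$tmp"
            label=$(classify_pid "$p" "${PROC_ROOT:-/proc}" "$tmp")
            if [ "$label" != mismatch ]; then verdict=$label; break; fi
            i=$((i + 1)); sleep 1
        done
        echo "$p $verdict"
    done
    rm -f "$tmp"
}

# Run three rounds when PIDs are given on the command line.
if [ "$#" -gt 0 ]; then triage 3 "$@"; fi
```

A PID that comes back as `visible` or `exited` fits the timing explanation above; one that stays `persistent` across all rounds is the case worth looking at more closely.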