linux-kernel.vger.kernel.org archive mirror
From: "Markus Hästbacka" <midian@ihme.org>
To: Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: [OT] Rootkit queston
Date: Mon, 01 Dec 2003 23:11:34 +0200
Message-ID: <1070313094.11356.6.camel@midux>

Hello all!

I've been wondering what a rootkit is and how it works.

I've been paranoid after I heard that the Debian project got
"rootkitted", I ran chkrootkit, and it said that it's possible that I
have an LKM rootkit installed, but the website told me that it's possible
that the LKM test gives wrong information with recent kernels (Running
2.4.22 now).

These processes "were hidden from ps command":
root         0  0.0  0.0     0    0 ?        SWN  Oct28   0:01 [ksoftirqd_CPU0]
root         0  0.0  0.0     0    0 ?        SW   Oct28   4:27 [kswapd]
root         0  0.0  0.0     0    0 ?        SW   Oct28   0:00 [bdflush]
root         0  0.0  0.0     0    0 ?        SW   Oct28   0:01 [kupdated]

They seem to have PID 0, is this normal? Does my system have a rootkit
installed? If it does, how do I remove it?

Or, am I just paranoid?

Thanks for your time.
Regards,
Markus
-- 
"Software is like sex, it's better when it's free."
Markus Hästbacka <midian at ihme dot org>
