[olug] lkm problems
Daniel Linder
dan at linder.org
Wed Oct 6 16:53:18 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
<quote who="Dave Hull">
> I have no idea how chkrootkit works, but you can use a command line like
> this to
> compare was ps shows to what is in /proc:
>
> ls -d /proc/* | grep [0-9] | wc -l; ps ax | wc -l
A system I had the pleasure *cough* to clean up after a root kit hack had
installed its own copies of ps, ls, and find. When it saw me doing a ls
of different directories, it automatically removed the ones it was using
to hide its files.
The way I got around it was to use the "echo *" command ... not pretty
when trying to view files, but it works. :)
Dan
- - - - -
"I do not fear computer,
I fear the lack of them."
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFBZCL+NiBNyqUzGb8RAoZkAJ9AAQN7UFXT0YU1YYG6MJnZR6qrUQCcCDUB
dppUllcH4+IF9AKVLeU31Hw=
=Cwnv
-----END PGP SIGNATURE-----
More information about the OLUG
mailing list