search for: lkm

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not...

...it to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir command chkproc: Warning: Possible LKM Trojan installed Checking `rexedcs'... not found Checking `sniffer'... vr0 is not promisc Checking `w55808'... not infected Checking `wted'... chkwtmp: nothing deleted ==================</SNI...

Hi expeRts, I would like to calculate weighted mean by two factors. My code is as follows: R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")], re$meta.sales.lkm[, c("size", "yr")], function(x) weighted.mean(x[,1], x[,2])) The result is as follows: R> tmp size: micro yr: 1994 [1] 1.090 -----------------------------------------------...

Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...

Hi all again, I must add, there are no log entries after June 9, 2004. "LKM" message first apeared June 8, 2004, after this day, there is nothing in /var/messages, /var/security ..... How could I look for suspicious LKM module ? How could I find it, if the machine is hacked and I can not believe "ls", "find" etc. commands ? Peter Rosa

Hi all ! It seems, that new kernel 2.6.24 offers new feature, that enables me to create pair of virtual Ethernet devices and connect them to each other. This module is called "VETH". However, I have not found any userspace app to use this feature. Please help ! -- -Alexey Eremenko "Technologov"

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next part -------------- A non-text a...

Ok, I've googled for 15+ minutes, and have yet to find a usable answer, so I'm going to annoy everyone and ask here. I have, in my posession, a creative VoIP blaster. I have installed the fobbit LKM and I can see the device. Can I use it with asterisk in any meaningful way, shape, or form? I'd love to be able to buy an IP phone, ATA, or FXO card, but lack the funds at the moment (won't get into why a grandstream phone at $65 is out of my budget, just take my word for it). Can I turn...

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

Hello everyone, I want to get a 1km by lkm grid raster image using my csv data. If I call latitude=a, longitude=b and preciptation=c. a<-(1,2,3,4,5) b<-(6,7,8,9,10) c<-(10,20, 30,40, 50) Then I found an example in r help which goes like pts = read.table("file.csv",......) library(sp) library(rgdal) proj4string(pts)=CR...

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

I am inquiring on the list if anybody knows if the latest plus kernel includes the fixes for MD RAID-1 where it didn't pass down the BIO_RW_SYNC flag on cloned bios. This bug was discovered in December by the DRBD project and patches were posted by Lars Ellenberg from that project to the LKM which were then merged into the 2.6.19 kernel. The bug causes severe performance penalties for applications that use the BIO_RW_SYNC flag on block requests. The fix is a simple 2 to 4 line change where it ORs the sync flag on the cloned bios. If it isn't in the plus kernel, how would one go...

...FreeBSD Security" <freebsd-security@freebsd.org> >Message-ID: <016301c4506e$947644e0$3501a8c0@pro.sk> > >Hi all, > >please advice me - I was on holidays for one week. After return I found in >security mails from router (chkrootkit) following message: >Checking `lkm'... You have 1 process hidden for readdir command >You have 1 process hidden for ps command >Warning: Possible LKM Trojan installed > >It apeared only onece. From previous and next days reports, the message is >not present. > >How could I be sure, the machine is not...

...rt of freebsd structure, with a dedicated server and stuff? ... It's far better then updating by cvs. 2- for future plans, is there any possibility to customize or add some features to kernels on official freebsd-update server? IPSEC is quite important on security. Since there isn't a LKM to use IPSEC (correct me if I'm wrong), when someone compiles the kernel to add it, he looses the freebsd-update kernel update. Regards, --aristeu PS: is there a way to use IPSEC without compiling the kernel?

...Rootkit 'Dreams Rootkit'... [ OK ] Rootkit 'Duarawkz'... [ OK ] Rootkit 'Flea Linux Rootkit'... [ OK ] Rootkit 'FreeBSD Rootkit'... [ OK ] Rootkit 'Fuck`it Rootkit'... [ OK ] Rootkit 'GasKit'... [ OK ] Rootkit 'Heroin LKM'... [ OK ] Rootkit 'HjC Kit'... [ OK ] Rootkit 'ignoKit'... [ OK ] Rootkit 'ImperalsS-FBRK'... [ OK ] Rootkit 'Irix Rootkit'... [ OK ] Rootkit 'Kitko'... [ OK ] Rootkit 'Knark'... [ OK ] Rootkit 'Li0n Worm...

...te it, is A or B used? 2) The question of whether or not to use bzip2 was raised in the comment section of your blog. How easy would it be to implement a plugable (or more generic) interface between ZFS and the compression algorithms it uses such that I can modload a bzip2 compression LKM and tell ZFS to use that? I suspect that doing this will take extra work from the Solaris side of things too... 3) Given (1), are there any thoughts about being able to specify different compression algorithms for different directories (or files) on a ZFS filesystem? And thanks for t...

Hi all, I am a newbie to linux and this is my first mail to this group. We have a PC running Centos version 2.6.9-42.0.2.EL. I needed to load a router software called Nistnet and it would not run properly. It is looking for RTC (Real Time clock) support as a module. I 've gone through the LKM Loadable Kernel module support under Documentation pages of Linux.org and did the following: located the kernel release: uname -r 2.6.9-42.0.2.EL next navigated to the /usr/src/kernels/2.6.9-42.0.2.EL-i686 (this is where the kernel is located on this PC) then issued a make menuconfig command It...

...xtables_load_ko(), which in turn calls xtables_insmod(), which calls get_modprobe() to get the path of the binary from the proc filesystem (if it wasn't explicitly specified with --modprobe). To that end, get_modprobe() attempts to open() /proc/sys/kernel/modprobe, which may be absent (eg. if LKM support is not enabled). In that case, the failed open() will set errno to ENOENT, clobbering whatever value it may have held from the first failed call to iptc_init(). This will result in a confusing error being reported... iptables vx.x.x: can't initialize iptables table 'filter'...

Please see: http://www.freebsd.org/handbook/anoncvs.html For full information on using ``anoncvs'' to fetch FreeBSD CVS repository (or buildable source) bits. If you're also interested in setting up your own regional AnonCVS server, please see: ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-CVS/anoncvs.shar For some setup instructions on doing this (essentially the list of steps I

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny