For LKM, see https://askubuntu.com/questions/5878...ble-klm-trojan
Yes, the packet sniffer is a false positive.
Quote:
Rkhunter reported the LKM trojan as well a few minutes ago, but now when I run it again it doesn't report it anymore. Is that a cause for concern? How can I determine the exact process and application that chkrootkit thought was suspicious? When I type "./chkproc -v" it says "bash: ./chkproc: No such file or directory".
Quote:
You have to be in the chkrootkit directory (where you installed chkrootkit) for that command to work. When I run it, it lists quite a number of processes though so I don't know how useful it will be for you. Some general reading: https://www.dedoimedo.com/computers/...m-warning.html
Ok, I got something concrete this time. :)
This is the output of chkproc:
Code:
bluelight@bluelight:/usr/lib/chkrootkit$ ./chkproc -v
Code:
bluelight@bluelight:/proc/21961$ cd /proc/21961/ && cat cmdline
So I suppose there's not much cause for concern. I wonder why chkrootkit is more likely to report that alarm when snap is installed, though. Thanks a lot, man. I really appreciate the help on this forum from everyone.
Quote:
nevertheless, it could be communicating with soma.fm somehow. odio - not so much. i could not find the source code anywhere. it could be doing all kinds of datamining on your system and transmitting that to the maintainer. additionally, i do not really trust snappy, who knows in what ways it phones home.
Quote:
I forgot to mention yesterday that I also had Opentyrian installed via snap. https://snapcraft.io/opentyrian I've now uninstalled snapd (sudo apt remove snapd), but not every one of its individual applications. Chkrootkit doesn't report LKM trojan for the time being.
i don't understand ubuntu's obsession with snappy.
opentyrian is available in the repos of both major distributions i am using, one of them debian - so very likely also in ubuntu's repos.