After run "./chkrookit -p binarypath report"
XX hidden process on Ps command
XX hidden process showdir (ls)
XX possible lkm installed
the problem is that this alerts disappears after rebooting the server. I was studying about that, and I noticed (http://www.chkrootkit.org
) that this because "proc" activity, I'm running ENSIM pro over RedHat Enterprise, and like you know, there are to many "short" processes be written on this directory.
Thats why I want to run another software, to avoid false possitives.
Do you know another one?
<<Signature to be setup in your profile>>