mempodippy / vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
GNU General Public License v3.0

Hidden directories can be detected by comparing the link count #24

Closed (corefx closed this issue 7 years ago)

corefx commented 7 years ago

Chkrootkit (chkdirs.c) uses this detection method.

unixfox commented 7 years ago

You're right:

chkdirs: Warning: Possible LKM Trojan installed

mempodippy commented 7 years ago

This can be fixed by adding 'chkdirs' to the GAY_PROCS list in config.py. Will add it to my local version and push it one day. Edit: Should be fixed.
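
The link-count comparison this issue is about, as an added example that is not part of the original thread and is not chkrootkit's chkdirs.c: where a filesystem keeps POSIX-style counts, a directory's `st_nlink` is 2 plus its number of subdirectories, so a listing that shows fewer subdirectories than the count implies has been filtered. The function names and the sample tree are constructed for illustration.

```python
import os
import sys

def link_count_gap(nlink, visible_subdirs):
    """Links not explained by '.', the parent's entry and the visible subdirs.

    Returns None when nlink < 2: the filesystem (btrfs, for one) does not
    keep POSIX-style directory link counts, so the check cannot apply.
    """
    if nlink < 2:
        return None
    return nlink - 2 - visible_subdirs

def real_probe(path):
    """Return (st_nlink, names of subdirectories the listing shows)."""
    nlink = os.lstat(path).st_nlink
    with os.scandir(path) as entries:
        subdirs = [e.name for e in entries if e.is_dir(follow_symlinks=False)]
    return nlink, subdirs

def scan(root, probe=real_probe):
    """Walk root and return [(path, gap)] for every directory with gap != 0."""
    findings, stack = [], [root]
    while stack:
        path = stack.pop()
        try:
            nlink, subdirs = probe(path)
        except OSError:
            continue  # unreadable, or removed while scanning
        gap = link_count_gap(nlink, len(subdirs))
        if gap:  # None (unsupported) and 0 (consistent) are both skipped
            findings.append((path, gap))
        stack.extend(os.path.join(path, name) for name in subdirs)
    return findings

# Constructed sample: path -> (st_nlink, subdirectories visible in the listing).
SAMPLE = {
    "/srv": (5, ["a", "b"]),   # 5 - 2 = 3 subdirectories expected, 2 listed
    "/srv/a": (2, []),
    "/srv/b": (3, ["c"]),
    "/srv/b/c": (1, []),       # btrfs-style count: skipped, not flagged
}

if __name__ == "__main__":
    print(scan("/srv", probe=SAMPLE.__getitem__))  # constructed data
    for path, gap in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{path}: link count and listing differ by {gap}")
```

A mismatch is a lead rather than proof: a directory created or removed between the `lstat` and the listing produces the same signal, so re-check a flagged path before acting on it.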