[prev in list] [next in list] [prev in thread] [next in thread] 

List:       chkrootkit-users
Subject:    Re: [crt-users] RedHat 8.0
From:       "Mike Vanecek" <ckroot_lists () mm-vanecek ! com>
Date:       2003-01-15 14:41:36
[Download RAW message or body]

---------- Original Message -----------
From: Marc St-Pierre <marc@cyberlogic.ca>
To: users@chkrootkit.org
Sent: Wed, 15 Jan 2003 08:33:49 -0500
Subject: Re: [crt-users] RedHat 8.0

> I have the same situation on two of my servers.  Since the upgrade I have a 
> couple (not 32) hidden processes.  I did notice that when I stop named and 
> mysqld, I then have 0 hidden processes.  Did a rpm -V, but everything is fine.

I have neither of those two services running.

Checking `lkm'... You have    29 process hidden for ps command

[root@www chkrootkit]# ./chkproc -v
PID  3334: not in ps output
....
PID  3943: not in ps output
You have    29 process hidden for ps command

What ps command will show all the information that normally is seen with ps
aux with these guys?

I have this in my /etc/crontab, but it did not run. System has been rebooted
so syslog was restarted. What am I forgetting?

# check for rootkits daily and mail results to root
0 3 * * * (cd /usr/local/chkrookit; ./chkrootkit 2>&1 | mail -s "chkrootkit
output" root)

[root@www chkrootkit]# cd /usr/local/chkrootkit
[root@www chkrootkit]# dir
./            check_wtmpx.c  chklastlog*   chkproc.c       chkwtmp*  
ifpromisc*   README 
etc.

Thank you for the help.


[prev in list] [next in list] [prev in thread] [next in thread]