Jeff Smelser wrote:
On Friday 04 November 2005 08:06 am, Chris Wells wrote:
/usr/lib/chkrootkit/chkproc -v -v
PID 1230(/proc/1230): not in readdir output
PID 1230: not in ps output
CWD 1230: /var/lib/mysql
EXE 1230: /usr/sbin/mysqld
... (report the same for 1231 - 1238)
You have 9 proce
On Friday 04 November 2005 08:06 am, Chris Wells wrote:
> /usr/lib/chkrootkit/chkproc -v -v
>
> PID 1230(/proc/1230): not in readdir output
> PID 1230: not in ps output
> CWD 1230: /var/lib/mysql
> EXE 1230: /usr/sbin/mysqld
> ... (report the same for 1231 - 1238)
> You have 9 process hidde
Hello folks,
When I arrived at work this morning I noticed an oh-so-fun email from
cron reporting that chkrootkit had found a hidden process. After a good
hour of research (and some replaced binaries, of course) I came to the
conclusion that it was a false positive.
Although, while searchin
