On Mon, Aug 06, 2012 at 05:37:23PM -0400, rabidblog...@safe-mail.net wrote:
$ lsof | grep anon_inode
anon_inode
This is anonymous inode, for example, the process open a file on disk
and then unlink it.
After that there isn't a filesystem entry attached to the inode anymore
so the others can't
$ lsof | grep anon_inode
anon_inode
$ lsof | grep dev/null
/dev/null
I find several anon_inodes and over a dozen /dev/null listings, in some
listings for each there are several processes which are repeated. I'm expecting
this to be a rootkit, but none of the rootkit scanners find anything. Why
rabidblog...@safe-mail.net:
$ lsof | grep anon_inode anon_inode
$ lsof | grep dev/null /dev/null
I find several anon_inodes and over a dozen /dev/null listings, in
some listings for each there are several processes which are repeated.
So what? There is nothing unusual about that.
3 matches
Mail list logo