On Thu, 2007-09-27 at 07:06 -0500, Mike Blezien wrote:
> Warning: The following processes are using deleted files:
[snipped]
>          Process: /usr/local/apache/bin/httpd    PID: 12461    File: /tmp/ZCUDfKYmV3
>          Process: /usr/bin/perl    PID: 29438    File: /tmp/ZCUDfKYmV3
> =============================================================================
> 
> What does this actually indicate and how can it be corrected or ignored?
> 
This is from the 'deleted_files' test, which is disabled by default
because it may give false-positive results.

The result is saying that the system reports the
processes, /usr/local/apache/bin/httpd and /usr/bin/perl, have file
descriptors open for files which no longer exist, which is suspicious.

Look for ALLOWPROCDELFILE in the config file to see about whitelisting.



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
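
The condition described in the reply above (a process holding a descriptor open on a file that has since been unlinked) can be checked by hand on Linux by reading the `/proc/<pid>/fd` links. The following is an added example, not rkhunter's code and not part of the original post. The `allowed_procs` parameter is a hypothetical stand-in for whitelisting by process path, and the sample tree is constructed from the PIDs and paths in the quoted warning.

```python
import os
import tempfile

DELETED = " (deleted)"  # suffix Linux appends to a /proc link whose target was unlinked


def strip_deleted(path):
    return path[:-len(DELETED)] if path.endswith(DELETED) else path


def find_deleted_open_files(proc_root="/proc", allowed_procs=()):
    """Return sorted (pid, exe, file) tuples for descriptors open on unlinked files."""
    findings = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # not a process directory
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            exe = strip_deleted(os.readlink(os.path.join(proc_root, entry, "exe")))
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, kernel thread, or insufficient privilege
        if exe in allowed_procs:
            continue  # allowlisted process path (hypothetical whitelist)
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor closed while we were scanning
            # Only real paths count; sockets and pipes do not start with "/".
            if target.startswith("/") and target.endswith(DELETED):
                findings.add((int(entry), exe, strip_deleted(target)))
    return sorted(findings)


def build_sample_proc(root):
    """Constructed /proc-like tree reproducing the two warnings quoted above."""
    sample = {
        12461: ("/usr/local/apache/bin/httpd", ["/tmp/ZCUDfKYmV3 (deleted)", "socket:[4242]"]),
        29438: ("/usr/bin/perl", ["/tmp/ZCUDfKYmV3 (deleted)"]),
        101: ("/usr/sbin/sshd", ["/dev/null"]),
    }
    for pid, (exe, targets) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "fd"))
        os.symlink(exe, os.path.join(root, str(pid), "exe"))
        for n, target in enumerate(targets):
            os.symlink(target, os.path.join(root, str(pid), "fd", str(n)))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        for pid, exe, path in find_deleted_open_files(root, allowed_procs={"/usr/bin/perl"}):
            print(f"Process: {exe}    PID: {pid}    File: {path}")
```

Run against the real `/proc` as root to see every process; without privilege, other users' descriptor directories are unreadable and are skipped.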
