On Thu, 2011-07-28 at 08:52 -0400, Dimitri Yioulos wrote:
> Yago,
> 
> Thanks for your response.
> 
> Running lsof and fuser returned no output.  What does that mean?
> 
Hello,

What I find a bit surprising is that unhide shows something but cannot
say what it is. I haven't looked at the code but I assume it tries to
find out the process name that is being run given that it has found a
PID number. Perhaps running unhide and then looking in /proc/xxx (where
xxx is the found PID number) will show something?

In this instance I can't see that rkhunter can help too much. If unhide
cannot determine the process name as it is running, then I doubt RKH can
do anything after unhide has finished. I will take another look at the
RKH code to see if the process name can be (or is) displayed as well as
the PID. But as far as I remember the name is displayed if it is
present.

You may want to try running a later version of unhide. I currently have
version 20110113 from http://www.unhide-forensics.info




John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
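
The /proc lookup suggested in the message above, written out as an added example; it is not part of the original email, nor code from unhide or rkhunter. The function name `inspect_pid` and the `PROC_ROOT` override (used so the check can be pointed at a test tree) are assumptions made for this sketch.

```shell
#!/bin/sh
# Report what /proc knows about a PID that a scanner flagged without a name.
# PROC_ROOT is a hypothetical override for testing; it defaults to /proc.

inspect_pid() {
    pid=$1
    root=${PROC_ROOT:-/proc}
    case $pid in
        ''|*[!0-9]*) echo "error: PID must be numeric"; return 2 ;;
    esac
    dir="$root/$pid"

    # A PID that has already exited leaves nothing to inspect.
    if [ ! -d "$dir" ]; then
        echo "pid=$pid state=gone"
        return 1
    fi

    # Thread IDs can be opened as /proc/<TID> by name but are not returned
    # when /proc is listed (see proc(5)), so record both views.
    if ls "$root" | grep -qx "$pid"; then listed=yes; else listed=no; fi

    # Name, thread-group ID and parent PID come from the status file.
    name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name=
    tgid=$(sed -n 's/^Tgid:[[:space:]]*//p' "$dir/status" 2>/dev/null) || tgid=
    ppid=$(sed -n 's/^PPid:[[:space:]]*//p' "$dir/status" 2>/dev/null) || ppid=

    # exe is a symlink to the binary; cmdline is NUL-separated argv.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=
    cmd=$(cat "$dir/cmdline" 2>/dev/null | tr '\000' ' ') || cmd=

    echo "pid=$pid listed=$listed name=${name:-?} tgid=${tgid:-?} ppid=${ppid:-?}"
    echo "exe=${exe:-<unreadable or none>}"
    echo "cmdline=${cmd:-<empty>}"

    # Tgid differing from the PID means this ID is a thread, not a process.
    if [ -n "$tgid" ] && [ "$tgid" != "$pid" ]; then
        echo "note: $pid is a thread of process $tgid"
    fi
    return 0
}

# Stand-alone use: sh inspect_pid.sh <PID reported by the scanner>
if [ $# -gt 0 ]; then
    inspect_pid "$1"
fi
```

Run it as root immediately after the scan, since reading another user's `exe` link needs privilege and a short-lived process may already be gone.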
