On Thursday 28 July 2011 9:27:24 am John Horne wrote:
> On Thu, 2011-07-28 at 08:52 -0400, Dimitri Yioulos wrote:
> > Yago,
> >
> > Thanks for your response.
> >
> > Running lsof and fuser returned no output.  What does that
> > mean?
>
> Hello,
>
> What I find a bit surprising is that unhide shows something but
> cannot say what it is. I haven't looked at the code but I
> assume it tries to find out the process name that is being run
> given that it has found a PID number. Perhaps running unhide
> and then looking in /proc/xxx (where xxx is the found PID
> number) will show something?
>
> In this instance I can't see that rkhunter can help too much.
> If unhide cannot determine the process name as it is running,
> then I doubt RKH can do anything after unhide has finished. I
> will take another look at the RKH code to see if the process
> name can be (or is) displayed as well as the PID. But as far as
> I remember the name is displayed if it is present.
>
> You may want to try running a later version of unhide. I
> currently have version 20110113 from
> http://www.unhide-forensics.info
>
>
>
>
> John.
>
> --
> John Horne, University of Plymouth, UK
> Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
>
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users

John,

Thanks for jumping in.  This really has me concerned.

I understand perfectly that rkhunter depends on unhide to find 
hidden network ports, and I have no reason to believe that unhide 
doesn't work as advertised.  I did update to the latest version, 
btw, but it still returns the same information.

ANY assistance you or anyone can give me to try and resolve this 
would be greatly appreciated.

Dimitri
