On Mon, 26 Sep 2011 15:17:05 +0200 Micky L Martin <mickylmar...@gmail.com> wrote:
> Already did lsof and process tracing but to no avail. Does anyone have any idea how to find that culprit process?

Wanting to mitigate the situation by modifying the system is understandable but not a best practice as you would be removing "evidence" (if any). I'd first check if it's the usual suspects like prelink and if that's not the case then set a watch on it using inotify, Auditd or loggedfs. If that doesn't lead to clues use a Live CD to check the file system.

* IMO the whole topic is a bit off-topic for this mailing list. Feel free to open a thread in a Linux forum or on a general purpose mailing list you frequent (if any). I can usually be found at www.linuxquestions.org/questions/linux-security-4/.

Best regards,
unSpawn

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
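
The audit-watch approach suggested in the reply above, as an added example that is not part of the original message: once a watch such as `auditctl -w <file> -p wa -k <key>` is in place, the resulting audit records can be correlated by event serial to name the process that touched the file. The path `/usr/bin/target`, the key `culprit-watch`, the function names and the abbreviated log lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, abbreviated sample in audit.log record format, as a watch like
#   auditctl -w /usr/bin/target -p wa -k culprit-watch
# would produce. Path, key, PIDs and timestamps are made up for illustration.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1317043025.101:812): arch=c000003e syscall=2 success=yes exit=3 ppid=2210 pid=2214 auid=0 uid=0 comm="prelink" exe="/usr/sbin/prelink" key="culprit-watch"
type=CWD msg=audit(1317043025.101:812): cwd="/"
type=PATH msg=audit(1317043025.101:812): item=0 name="/usr/bin/target" inode=131099 mode=0100755
type=SYSCALL msg=audit(1317043090.440:813): arch=c000003e syscall=2 success=yes exit=4 ppid=1 pid=977 auid=4294967295 uid=0 comm="crond" exe="/usr/sbin/crond" key=(null)
type=PATH msg=audit(1317043090.440:813): item=0 name="/etc/crontab" inode=5120 mode=0100644
type=SYSCALL msg=audit(1317043101.007:814): arch=c000003e syscall=90 success=yes exit=0 ppid=2301 pid=2302 auid=1000 uid=0 comm="chmod" exe="/bin/chmod" key="culprit-watch"
type=PATH msg=audit(1317043101.007:814): item=0 name="/usr/bin/target" inode=131099 mode=0100755
'''

EVENT_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')   # timestamp:serial
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')             # key=value or key="value"

def parse_events(log_text):
    """Group audit records that share one (timestamp, serial) event id."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        event_id = (float(m.group(1)), int(m.group(2)))
        events[event_id][fields.get("type")].append(fields)
    return events

def writers_of(log_text, path, key):
    """Return (time, pid, ppid, auid, exe) for each keyed event that touched path."""
    hits = []
    for (ts, _serial), recs in sorted(parse_events(log_text).items()):
        touched = any(p.get("name") == path for p in recs.get("PATH", []))
        syscalls = [r for r in recs.get("SYSCALL", []) if r.get("key") == key]
        for sc in syscalls if touched else []:
            hits.append((ts, int(sc["pid"]), int(sc["ppid"]), sc["auid"], sc["exe"]))
    return hits

if __name__ == "__main__":
    for hit in writers_of(SAMPLE_LOG, "/usr/bin/target", "culprit-watch"):
        print("%.3f pid=%d ppid=%d auid=%s exe=%s" % hit)
```

The `ppid` and `auid` columns matter as much as `exe`: they show which parent launched the writer and which login session it traces back to.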