Re: [Rkhunter-users] Hidden process

Fri, 02 Aug 2013 06:53:17 -0700 

Please, update your Unhide version to the latest

You can found in http://unhide-forensics.info/


it fix this problem :)

2013/8/2 absolutely_f...@libero.it <absolutely_f...@libero.it>

> Hi,
>
> thank you for your reply. This is the output:
>
> # unhide sys
> Unhide 20110113
> http://www.unhide-forensics.info
> [*]Searching for Hidden processes through getpriority() scanning
>
> [*]Searching for Hidden processes through getpgid() scanning
>
> [*]Searching for Hidden processes through getsid() scanning
>
> [*]Searching for Hidden processes through sched_getaffinity() scanning
>
> [*]Searching for Hidden processes through sched_getparam() scanning
>
> [*]Searching for Hidden processes through sched_getscheduler() scanning
>
> [*]Searching for Hidden processes through sched_rr_get_interval() scanning
>
> [*]Searching for Hidden processes through kill(..,0) scanning
>
> [*]Searching for Hidden processes through  comparison of results of system
> calls
>
> [*]Searching for Hidden processes through sysinfo() scanning
>
> HIDDEN Processes Found: 1       sysinfo.procs = 90   ps_count = 92
> You have new mail in /var/mail/root
>
> However, processes 17106 and 17149 are not present.
> Do you think I've a security problem?
> Best regards
>
>
>
>
> ----Messaggio originale----
> Da: yje...@security-projects.com
> Data: 29/07/2013 13.18
> A: "absolutely_f...@libero.it"<absolutely_f...@libero.it>
> Cc: <rkhunter-users@lists.sourceforge.net>
> Ogg: Re: [Rkhunter-users] Hidden process
>
> Hi,
> I think this message comes from unhide.
> To verify it, go to your system, and run -as root-
> #unhide sys
> And watch for messages.
> If you find again the same PID, probably you have a problem. If not, this
> could be a transitory process and you can not worry about it
>
> 2013/7/29 absolutely_f...@libero.it <absolutely_f...@libero.it>
> Hi,
>
> I received this alert in rkhunter's mail:
>
> Warning: Hidden processes found:
>          Found HIDDEN PID: 9333 "  ... maybe a transitory process"
>
> When I logged on the server, the process was no longer there.
> How can I diagnose this alert?
> In /var/log/rkhunter.log I've no further details.
>
> Thankyou!
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>
>
>
>
>

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to