Hi, I've updated unhide and I still receive the warning. Now this is /var/log/rkhunter.log:

[10:15:28] Info: Starting test name 'hidden_procs'
[10:15:28] Info: Found the 'unhide' command: /usr/local/sbin/unhide
[10:15:28] Info: Found 'unhide' command version: 20121229
[10:15:30] Using command 'unhide brute' [ Warning ]
[10:15:31] Using command 'unhide proc' [ Warning ]
[10:15:33] Using command 'unhide procall' [ Warning ]
[10:15:34] Using command 'unhide procfs' [ Warning ]
[10:15:34] Using command 'unhide reverse' [ Warning ]
[10:15:34] Info: Unable to find the 'unhide.rb' command
[10:15:34] Checking for hidden processes [ Warning ]
[10:15:34] Warning: Hidden processes found:
[10:15:34] Copyright © 2012 Yago Jesus & Patrick Gouin
[10:15:34] License GPLv3+ : GNU GPL version 3 or later
[10:15:34] NOTE : This version of unhide is for systems using Linux >= 2.6
[10:15:35] Used options:
[10:15:35] Copyright © 2012 Yago Jesus & Patrick Gouin
[10:15:35] License GPLv3+ : GNU GPL version 3 or later
[10:15:35] NOTE : This version of unhide is for systems using Linux >= 2.6
[10:15:35] Used options:
[10:15:35] Copyright © 2012 Yago Jesus & Patrick Gouin
[10:15:35] License GPLv3+ : GNU GPL version 3 or later
[10:15:35] NOTE : This version of unhide is for systems using Linux >= 2.6
[10:15:35] Used options:
[10:15:35] Copyright © 2012 Yago Jesus & Patrick Gouin
[10:15:35] License GPLv3+ : GNU GPL version 3 or later
[10:15:35] NOTE : This version of unhide is for systems using Linux >= 2.6
[10:15:35] Used options:
[10:15:35] Copyright © 2012 Yago Jesus & Patrick Gouin
[10:15:35] License GPLv3+ : GNU GPL version 3 or later
[10:15:35] NOTE : This version of unhide is for systems using Linux >= 2.6
[10:15:35] Used options:
[10:15:35] Thank you for your patience

----Original message----
From: yje...@security-projects.com
Date: 02/08/2013 15.50
To: "absolutely_f...@libero.it"<absolutely_f...@libero.it>
Cc: <rkhunter-users@lists.sourceforge.net>
Subject: Re: Re: [Rkhunter-users] Hidden process

Please update your Unhide version to the latest.
You can find it at http://unhide-forensics.info/
It fixes this problem :)

2013/8/2 absolutely_f...@libero.it <absolutely_f...@libero.it>

Hi,
thank you for your reply.
This is the output:

# unhide sys
Unhide 20110113
http://www.unhide-forensics.info
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through comparison of results of system calls
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1 sysinfo.procs = 90 ps_count = 92
You have new mail in /var/mail/root

However, processes 17106 and 17149 are not present.
Do you think I have a security problem?

Best regards

----Original message----
From: yje...@security-projects.com
Date: 29/07/2013 13.18
To: "absolutely_f...@libero.it"<absolutely_f...@libero.it>
Cc: <rkhunter-users@lists.sourceforge.net>
Subject: Re: [Rkhunter-users] Hidden process

Hi,
I think this message comes from unhide. To verify it, go to your system and run -as root-

#unhide sys

And watch for messages. If you find the same PID again, you probably have a problem. If not, this could be a transitory process and you need not worry about it.

2013/7/29 absolutely_f...@libero.it <absolutely_f...@libero.it>

Hi,
I received this alert in rkhunter's mail:

Warning: Hidden processes found:
Found HIDDEN PID: 9333
" ... maybe a transitory process"

When I logged on to the server, the process was no longer there.
How can I diagnose this alert?
In /var/log/rkhunter.log I have no further details.

Thank you!
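
The "same PID again" check suggested in the thread can be made repeatable by comparing several saved unhide captures. This is an added example, not part of the original thread and not code from rkhunter or unhide; the function names, file names and sample PIDs are constructed, and only the `Found HIDDEN PID: N` line format is taken from the alert quoted above.

```shell
#!/bin/sh
# Added example: classify PIDs across repeated unhide captures.
# Captures are made by the operator as root, e.g.:  unhide sys > run1.txt

# hidden_pids FILE: unique PIDs from "Found HIDDEN PID: N" lines.
# sed (not grep) is used so a clean capture does not produce a failure status.
hidden_pids() {
    sed -n 's/.*Found HIDDEN PID: \([0-9][0-9]*\).*/\1/p' "$1" | sort -un
}

# count_pids FILE...: "<number of captures reporting it> <pid>" per PID.
count_pids() {
    for f in "$@"; do hidden_pids "$f"; done | sort -n | uniq -c
}

# persistent_pids FILE...: PIDs reported in every capture (investigate these).
persistent_pids() {
    total=$#
    count_pids "$@" | awk -v t="$total" '$1 == t { print $2 }'
}

# transitory_pids FILE...: PIDs reported in some captures but not all.
transitory_pids() {
    total=$#
    count_pids "$@" | awk -v t="$total" '$1 < t { print $2 }'
}

# Constructed sample captures (not real output from the server in the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'Found HIDDEN PID: 9333' 'Found HIDDEN PID: 4242' > "$demo_dir/run1.txt"
printf '%s\n' 'Found HIDDEN PID: 4242'                          > "$demo_dir/run2.txt"
printf '%s\n' 'Found HIDDEN PID: 4242' 'Found HIDDEN PID: 5151' > "$demo_dir/run3.txt"

echo "persistent: $(persistent_pids "$demo_dir"/run*.txt | tr '\n' ' ')"
echo "transitory: $(transitory_pids "$demo_dir"/run*.txt | tr '\n' ' ')"
```

With a single capture every reported PID counts as persistent, so take at least two captures some minutes apart; PIDs are also reused over time, so a match is a reason to look closer rather than proof.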