Hi,

I just reinstalled my server and set up rkhunter. Now I receive warnings like 
this:
"Warning: Suspicious file types found in /dev:
         /dev/shm/7gbhujb54g8z9hu43jre8: data"

A closer look with "ipcs -am" (manually translated into English, so the headers 
may differ):
"------ Shared Memory: Segments --------
Key shmid      Owner   Privileges     Bytes      nattch     State
0x01a4379d 851968     root       600        1200712    4

------ Semaphore fields --------
Key SemID      Owner   Privileges     nsems
0x00000000 0          root       600        1
0x79a4352c 393217     root       666        1
0x00000000 3112962    apache     600        1
0x00000000 3145731    apache     600        1
0x00000000 3178500    apache     600        1
0x00000000 3211269    apache     600        1"

A further look at the shared memory segments:
"httpd     16492            root  mem       REG            144,220              851968 (deleted)/VE38157-SYSV01a4379d (stat: No such file or directory)
httpd     16494          apache  mem       REG            144,220              851968 (deleted)/VE38157-SYSV01a4379d (stat: No such file or directory)
httpd     16495          apache  mem       REG            144,220              851968 (deleted)/VE38157-SYSV01a4379d (stat: No such file or directory)
httpd     16496          apache  mem       REG            144,220              851968 (deleted)/VE38157-SYSV01a4379d (stat: No such file or directory)"

I understand the basic concept of shared memory, but I cannot tell if Apache 
is misconfigured or exploited. Can someone please advise?

Thanks in advance,
Stefan
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
