oot
>
> However, processes 17106 and 17149 are not present.
> Do you think I've a security problem?
> Best regards
>
>
>
>
> Original message----
> From: yje...@security-projects.com
> Date: 29/07/2013 13.18
> To: "absolutely_f...@libero.it"
Hi,
I think this message comes from unhide.
To verify it, go to your system, and run -as root-
#unhide sys
And watch for messages.
If you find the same PID again, you probably have a problem. If not, this
could be a transitory process and you need not worry about it.
2013/7/29 absolutely_f...@l
Hi,
I received this alert in rkhunter's mail:
Warning: Hidden processes found:
Found HIDDEN PID: 9333 " ... maybe a transitory process"
When I logged on the server, the process was no longer there.
How can I diagnose this alert?
In /var/log/rkhunter.log I've no further details.
Thank
On Mon, 26 Sep 2011 15:17:05 +0200 Micky L Martin
wrote:
>Already did lsof and process tracing but to no avail. Does anyone
>have any idea how to find that culprit process?
Wanting to mitigate the situation by modifying the system is
understandable but not a best practice as you would be removi
For the binary experts.
I have a situation here. Something hideously but continuously is modifying
the /bin/ executables as common as coreutils and net-tools.
I can verify that from md5sum. First thing I checked was 'ls' and it has a
checksum mismatch. So I removed it and reinstalled it. Then I mo
On Thu, 11 Mar 2010 23:27:56 +0100 William Maddler
wrote:
>The point is that smtp and lmtp aren't supposed to be hidden
>processes :)
Then (unless anyone can confirm this is OK behaviour) please check:
- '\ps axfwwwe' output for all Postfix processes and check their
UID and GID matches,
- 'lso
On 03/11/2010 10:46 PM, unsp...@hushmail.com wrote:
> On Wed, 10 Mar 2010 12:34:24 +0100 William Maddler
> wrote:
>> For about a week I've been getting alerts about hidden processes found
>> on my system (Debian 5.0 stable 32bit).
>>
>> I've just found that reported PIDs are Postfix (2.5.5-1.1) lmtp
On Wed, 10 Mar 2010 12:34:24 +0100 William Maddler
wrote:
>For about a week I've been getting alerts about hidden processes found
>on my system (Debian 5.0 stable 32bit).
>
>I've just found that reported PIDs are Postfix (2.5.5-1.1) lmtp
>and smtp mail delivery processes.
>Any clue?
If those proces
Hello all,
For about a week I've been getting alerts about hidden processes found on my
system (Debian 5.0 stable 32bit).
I've just found that reported PIDs are Postfix (2.5.5-1.1) lmtp and smtp
mail delivery processes.
nopal:/var/log# rkhunter --version
Rootkit Hunter 1.3.6
Any clue?
Thx
William