Test with Chkrootkit
Steven Stern
subscribed-lists at sterndata.com
Sun Jul 25 17:41:43 UTC 2004
On Sun, 25 Jul 2004 19:09:02 +0200, Michael Schwendt
<fedora at wir-sind-cool.org> wrote:
>With chkrootkit comes a tool called "chkproc". Run it with option -v
>and examine the listed processes via their hidden directories below
>/proc, e.g.
>
> # cd /usr/lib/chkrootkit-0.43
> # ./chkproc -v
> 4348 is a Linux Thread, marking as such...
> # cd /proc/4348
Thanks... for example
# ./chkproc -v
[snip]
PID 17243: not in readdir output
PID 17243: not in ps output
You have 10 process hidden for readdir command
You have 10 process hidden for ps command
# ps aux |grep 17243
root 15368 0.0 0.1 4444 656 pts/1 R 12:38 0:00 grep 17243
# cd /proc/17243
# ls
attr cmdline environ fd mem root statm task
auxv cwd exe maps mounts stat status wchan
# more cmdline
/usr/sbin/clamav-milterun/clamav/clamav-milter.sock
--
Steve
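
Added example, not part of the original message or of chkrootkit: a shell script that triages PIDs which chkproc reports as "not in readdir output" by comparing Tgid in /proc/<pid>/status with the PID (a different value means the entry is a thread of that thread group) and by printing cmdline with its NUL separators turned into spaces. The function names and the PROC_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage PIDs that chkproc -v reports as hidden.
# PROC_ROOT is a hypothetical override so the logic can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Extract the PIDs from chkproc -v output read on stdin (one PID per line, deduplicated).
hidden_pids() {
    sed -n 's/^PID *\([0-9][0-9]*\): not in readdir output.*/\1/p' | sort -un
}

# Print one field (for example Tgid) from <PROC_ROOT>/<pid>/status.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# Print cmdline with the NUL argument separators replaced by spaces.
read_cmdline() {
    if [ -r "$PROC_ROOT/$1/cmdline" ]; then
        tr '\000' ' ' < "$PROC_ROOT/$1/cmdline" | sed 's/ *$//'
    fi
}

# Classify a PID as "gone", "thread-of <tgid>" or "leader".
# "leader" means Tgid equals the PID: a full process, which deserves a closer look
# when chkproc says it is missing from readdir and ps output.
classify_pid() {
    if [ ! -d "$PROC_ROOT/$1" ]; then
        echo "gone"
        return 0
    fi
    tgid=$(status_field "$1" Tgid)
    if [ -n "$tgid" ] && [ "$tgid" != "$1" ]; then
        echo "thread-of $tgid"
    else
        echo "leader"
    fi
}

# Print "pid<TAB>classification<TAB>command line" for each PID given.
triage() {
    for pid in "$@"; do
        printf '%s\t%s\t%s\n' "$pid" "$(classify_pid "$pid")" "$(read_cmdline "$pid")"
    done
}

# Example: sh triage.sh 17243   (triage.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

To feed it straight from the scanner, pipe `./chkproc -v` through `hidden_pids` and pass the resulting PIDs to `triage`.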