Barry Cisna wrote:
On one of our K12LTSP servers at the middle school which is a remote location from were I am at, I have noticed lots of 'makedev' processes always running as of late. I also noticed that this server has beenaccessed by an unknown/unauthorized IP address. I've run rkhunter on thisdaily and of course it is showing the checksums are not correct now:(.
Are you running the latest version of rkhunter and did you try the steps mentioned under "Problems running Rootkit Hunter?" on http:// rkhunter.sourceforge.net/ ? There are some issues regarding prelinking and SELinux that can get you false positives.
If I do a' killall makedev ' the proceses still are shown running in top.When i do a ' ps aux | grep makedev ' nothing is shown running. I m assuming this runs ' at kernel level'?..dduuhh not sure.
Note that the binary is called MAKEDEV and not makedev. By default grep is case-sensitive. You could use grep's -i switch (for case- insensitive) or look for MAKEDEV instead.
Ive also done a few netstat commands to try and figure out what is spawning the makedevprocesses. Anyone have any thoughts on this? Don't have a clue here. K12ltsp v 4.4.1
Like 'man MAKEDEV' says: "MAKEDEV is a program that will create the devices in /dev used to interface with drivers in the kernel." I don't think a lot of MAKEDEV processes should be running during normal operation, probably only during boot time?
Description: Dit deel van het bericht is digitaal ondertekend