Strace and lsof do not work
Dustin Larmeir
dustin at larmeir.com
Sun Aug 22 01:10:22 UTC 2010
Maybe a rootkit?
On Sat, Aug 21, 2010 at 7:40 PM, Geofrey Rainey
<Geofrey.Rainey at tvnz.co.nz>wrote:
> Perhaps it's selinux?
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Vimal
> Sent: Saturday, 21 August 2010 6:42 a.m.
> To: redhat-list at redhat.com
> Subject: Strace and lsof do not work
>
> Hi,
>
> Why am I unable to strace / lsof into certain processes, even as "root"
> user? I am unable to find a concrete answer for this. Please assist.
>
> ========
> root 14940 0.0 0.1 10380 2552 ? SN 13:02 0:00 \_
> /usr/sbin/exim -q
>
> root at dedicated100 [~]# lsof -p 14940
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> exim 14940 root cwd unknown /proc/14940/cwd
> (readlink: Permission denied)
> exim 14940 root rtd unknown /proc/14940/root
> (readlink: Permission denied)
> exim 14940 root txt unknown /proc/14940/exe
> (readlink: Permission denied)
> exim 14940 root 0 unknown /proc/14940/fd/0
> (readlink: Permission denied)
> exim 14940 root 1 unknown /proc/14940/fd/1
> (readlink: Permission denied)
> exim 14940 root 2 unknown /proc/14940/fd/2
> (readlink: Permission denied)
> exim 14940 root 3 unknown /proc/14940/fd/3
> (readlink: Permission denied)
> exim 14940 root 4 unknown /proc/14940/fd/4
> (readlink: Permission denied)
>
> root at dedicated100 [~]# strace -p 14940
> attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
> ========
>
> --
> Regards,
> Vimal Kumar K
>
> | vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
> | E: vimal7370 at gmail dot com P: +919947450760 |
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> ==========================================================
> For more information on the Television New Zealand Group, visit us
> online at tvnz.co.nz
> ==========================================================
> CAUTION: This e-mail and any attachment(s) contain information that
> is intended to be read only by the named recipient(s). This information
> is not to be used or stored by any other person and/or organisation.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list