Strace and lsof do not work

Dustin Larmeir dustin at larmeir.com
Sun Aug 22 01:10:22 UTC 2010 

Maybe a rootkit?

On Sat, Aug 21, 2010 at 7:40 PM, Geofrey Rainey
<Geofrey.Rainey at tvnz.co.nz>wrote:

> Perhaps it's selinux?
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Vimal
> Sent: Saturday, 21 August 2010 6:42 a.m.
> To: redhat-list at redhat.com
> Subject: Strace and lsof do not work
>
> Hi,
>
> Why am I unable to strace / lsof into certain processes, even as "root"
> user? I am unable to find a concrete answer for this. Please assist.
>
> ========
> root     14940  0.0  0.1  10380  2552 ?        SN   13:02   0:00  \_
> /usr/sbin/exim -q
>
> root at dedicated100 [~]# lsof -p 14940
> COMMAND   PID USER   FD      TYPE DEVICE SIZE NODE NAME
> exim    14940 root  cwd   unknown                  /proc/14940/cwd
> (readlink: Permission denied)
> exim    14940 root  rtd   unknown                  /proc/14940/root
> (readlink: Permission denied)
> exim    14940 root  txt   unknown                  /proc/14940/exe
> (readlink: Permission denied)
> exim    14940 root    0   unknown                  /proc/14940/fd/0
> (readlink: Permission denied)
> exim    14940 root    1   unknown                  /proc/14940/fd/1
> (readlink: Permission denied)
> exim    14940 root    2   unknown                  /proc/14940/fd/2
> (readlink: Permission denied)
> exim    14940 root    3   unknown                  /proc/14940/fd/3
> (readlink: Permission denied)
> exim    14940 root    4   unknown                  /proc/14940/fd/4
> (readlink: Permission denied)
>
> root at dedicated100 [~]# strace -p 14940
> attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
> ========
>
> --
> Regards,
> Vimal Kumar K
>
> | vimalZworld.com * technomenace.com * twitter.com/vimal7370 |
> | E: vimal7370 at gmail dot com             P: +919947450760 |
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> ==========================================================
> For more information on the Television New Zealand Group, visit us
> online at tvnz.co.nz
> ==========================================================
> CAUTION:  This e-mail and any attachment(s) contain information that
> is intended to be read only by the named recipient(s).  This information
> is not to be used or stored by any other person and/or organisation.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list