[CentOS] question about unhide / transitory process
Ulrich Hiller
hiller at mpia-hd.mpg.deTue May 5 15:40:23 UTC 2015
- Previous message: [CentOS] IPTABLES question
- Next message: [CentOS] Last few days in CentOS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, running unhide ( unhide-20130526-1.el7.x86_64 ) on CentOS 7 i get sometimes messages like: Found HIDDEN PID: 30784 Cmdline: "<none>" Executable: "<no link>" "<none> ... maybe a transitory process" On a second unhide run immediately after it, the process seems to have vanished. Also, i do not see anything about it in /proc, and rkhunter and chkrootkit do _not_ detect it. How can i debug or do some further tests? I want to make sure that this is a false positive and not a rootkit. Thanky a lot in advance, ulrich
- Previous message: [CentOS] IPTABLES question
- Next message: [CentOS] Last few days in CentOS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list