On Wed, May 17, 2006 at 05:33:43AM -0700, lantz moore wrote:
> Lionel Elie Mamane <[EMAIL PROTECTED]> writes:

>> We are getting chkproc false positive on MySQL and pdns threads.
>> A "ps -eLf" shows all pids that "chkproc -v" complains about in the LWP
>> column.

> can you copy the output from running chkrootkit *and* from
> "chkproc -v"?

I can't reproduce the problem right now by running chkrootkit;
however, it appeared during our nightly cronjob chkrootkit run.

Anyway, running "chkproc -v" gives:

[EMAIL PROTECTED]:~# /usr/lib/chkrootkit/chkproc -v -v
PID  3727(/proc/3727): not in readdir output
PID  3727: not in ps output
PID  4921(/proc/4921): not in readdir output
PID  4921: not in ps output
PID  4923(/proc/4923): not in readdir output
PID  4923: not in ps output
PID  4924(/proc/4924): not in readdir output
PID  4924: not in ps output
PID  4925(/proc/4925): not in readdir output
PID  4925: not in ps output
PID  4926(/proc/4926): not in readdir output
PID  4926: not in ps output
PID  4943(/proc/4943): not in readdir output
PID  4943: not in ps output
You have 7 process hidden for readdir command
You have 7 process hidden for ps command

_but_ adding the "-p 3" arguments, as chkrootkit is doing, gives no
output (no false positive).

-- 
Lionel
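
An added example, not part of the original message and not chkrootkit code: one way to triage the PIDs that "chkproc -v" flags by checking them against the LWP column of "ps -eLf", as the report describes. The ps rows, the owning PID 3700 and the function names are constructed for illustration; a flagged PID that matches no LWP stays unexplained and needs a closer look.

```python
import re

# Constructed sample: two of the PIDs from the chkproc output quoted above.
CHKPROC_OUT = """\
PID  3727(/proc/3727): not in readdir output
PID  3727: not in ps output
PID  4943(/proc/4943): not in readdir output
PID  4943: not in ps output
"""

# Constructed "ps -eLf" sample; owning PID 3700 and the command are invented.
PS_ELF_OUT = """\
UID        PID  PPID   LWP  C NLWP STIME TTY          TIME CMD
mysql     3700     1  3700  0    2 May16 ?        00:00:01 /usr/sbin/mysqld
mysql     3700     1  3727  0    2 May16 ?        00:00:00 /usr/sbin/mysqld
"""

def flagged_pids(chkproc_text):
    """Return the distinct PIDs reported by chkproc -v, in order of appearance."""
    pids = []
    pattern = r"^PID\s+(\d+)\b.*not in (?:readdir|ps) output"
    for m in re.finditer(pattern, chkproc_text, re.M):
        pid = int(m.group(1))
        if pid not in pids:
            pids.append(pid)
    return pids

def lwp_owners(ps_text):
    """Map every LWP (thread ID) to its owning PID; columns are found via the header."""
    header, *rows = (line.split() for line in ps_text.strip().splitlines())
    pid_col, lwp_col = header.index("PID"), header.index("LWP")
    return {int(r[lwp_col]): int(r[pid_col]) for r in rows}

def classify(chkproc_text, ps_text):
    """Label each flagged PID as a thread, a visible process, or unexplained."""
    owners = lwp_owners(ps_text)
    result = {}
    for pid in flagged_pids(chkproc_text):
        owner = owners.get(pid)
        if owner is None:
            result[pid] = "unexplained"
        elif owner == pid:
            result[pid] = "process visible in ps"
        else:
            result[pid] = f"thread of PID {owner}"
    return result

if __name__ == "__main__":
    for pid, label in classify(CHKPROC_OUT, PS_ELF_OUT).items():
        print(pid, label)
```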