On 08.04.2011 14:32, Brad Alexander wrote:
> Is this happening on every scan?

Yes.

> Is it possible that it is a process that
> either starts or ends during the scan, so that ps sees it but by the time
> the /proc check occurs, it is gone or vice versa? I had not heard of unhide
> until this thread, but OSSEC has a similar feature, and I have seen this on
> my mailserver. The conclusion I came to is a routine (but short) process
> (such as postfix attempting to deliver mail) was firing and/or ending during
> the scan to cause the false positive?
>
> I'll take a look at unhide.
>
> --b

Thanks, I'll try to define what that process is.

> On Fri, Apr 8, 2011 at 10:15 AM, green <greenfreedo...@gmail.com> wrote:
>
>> James Brown wrote at 2011-04-07 23:43 -0500:
>>> On 08.04.2011 03:20, green wrote:
>>>> James Brown wrote at 2011-04-07 21:50 -0500:
>>>>> `unhide` defines that there is a hidden process in my system, but doesn't
>>>>> indicate it concretely:
>>>>
>>>>> HIDDEN Processes Found: 1
>>>>
>>>> Hmm, interesting. Same result here with sys method, but nothing is
>>>> detected using the proc and brute methods.
>>>
>>> Yes, only with sys method. Your system is 'squeeze' too? (I had no such
>>> result under lenny).
>>
>> Yes, Debian squeeze x64.
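One way to check the race hypothesis raised in this thread is to compare the ps view and the /proc view several times and keep only the PIDs that differ in every round. This is an added example, not code from unhide, OSSEC or any poster; the function names and the rounds/delay defaults are assumptions, and it only compares two userland views rather than reproducing unhide's sys method.

```python
import os
import subprocess
import time

def pids_from_proc():
    """PIDs visible as numeric directories under /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def pids_from_ps():
    """PIDs reported by procps ps (-e: all processes, -o pid=: no header)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def classify_discrepancies(view_a, view_b, rounds=3, delay=0.2, sleep=time.sleep):
    """Sample two process views `rounds` times and compare them.

    Returns (persistent, transient):
      persistent - PIDs present in exactly one view in every round
      transient  - PIDs that differed in some round but not in all of them,
                   i.e. the start/exit-during-scan case described above
    """
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    seen = set()
    persistent = None
    for i in range(rounds):
        if i:
            sleep(delay)
        diff = view_a() ^ view_b()   # PIDs that only one view reports
        seen |= diff
        persistent = diff if persistent is None else persistent & diff
    return persistent, seen - persistent

if __name__ == "__main__":
    # The ps child itself is a short-lived process: it shows up in its own
    # output but not in the /proc listing taken just before, so it lands in
    # `transient` with a different PID each round.
    persistent, transient = classify_discrepancies(pids_from_proc, pids_from_ps)
    print("differ in every round (investigate):", sorted(persistent))
    print("differ in some rounds (likely race):", sorted(transient))
```

A PID that stays in the first list across repeated runs is the one worth identifying; an empty first list with a changing second list matches the short-lived-process explanation.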