On Fri, 28 Mar 2008 12:07:47 +0200 Mika Mäkinen <[EMAIL PROTECTED]> wrote: > I have Debian 4.0 and possibly a rootkit. does []s indicate >a rootkit in ps aux result? I suppose [] does not belong to >regular ps aux result.
No, the brackets show the process is part of what the kernel does like [swapd]. What the number behind 'init' means I don't know but it's common. If you are unsure about processes you can get a second opinion by verifying the integrity using your distributions package tools (if capable) or a filesystem integrity checker like Aide or Samhain (if deployed previously). //As an exception I let this one question through since it isn't in the FAQ. If you want to reply you'll have to subscribe to the list first if you haven't already. Cheers, unSpawn --- ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
