I have an RKHunter 1.3.6 job running, which more or less often returns a
warning on the "running processes" check.
The log says that a file named "backdoor, adore.o, mod_rootme.so,
phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o,
hydra, hydra.restore, ras2xm, vobiscum, sshd3, system, t0rnsb, t0rns, t0rnp,
rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc,
mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o" has been
found and must be verified with "lsof -F n -w -n".
Lsof runs executed immediately (without any latency) after rkhunter don't show
any match, apart from partial matches of appropriate files, like:
n/var/run/dbus/system_bus_socket
Which starts with 'system'.
How should I proceed? Is this a problem with RKHunter?
Thanks,
D.
_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
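
Added example (not part of the original message and not rkhunter's own code): a shell filter for `lsof -F n -w -n` output that separates files whose basename exactly equals a name from the warning from files that only contain such a name somewhere in the path, like the system_bus_socket line quoted above. The function names, the shortened name list and the sample lsof output are constructed for illustration; how rkhunter itself matches names is not stated in the post.

```shell
#!/bin/sh
# Subset of the names quoted in the rkhunter warning (shortened for the example).
SUSPECT_NAMES="backdoor adore.o system crontab write hydra sshd3 psybnc"

# classify_lsof (hypothetical helper): reads `lsof -F n -w -n` output on stdin.
# Prints "EXACT <path>"   when the file's basename equals a suspect name,
#        "PARTIAL <path>" when a suspect name is only a substring of the path.
classify_lsof() {
    while IFS= read -r line; do
        case $line in
            n/*) path=${line#n} ;;   # name field holding an absolute path
            *)   continue ;;         # skip pid/fd fields and non-path names
        esac
        base=${path##*/}
        verdict=
        for name in $SUSPECT_NAMES; do
            if [ "$base" = "$name" ]; then
                verdict=EXACT
                break
            fi
            case $path in
                *"$name"*) verdict=PARTIAL ;;
            esac
        done
        [ -n "$verdict" ] && printf '%s %s\n' "$verdict" "$path"
    done
    return 0
}

# Constructed sample of lsof field output (not captured from a real host).
sample_lsof() {
cat <<'EOF'
p812
n/var/run/dbus/system_bus_socket
p1044
n/usr/sbin/sshd
n/var/log/syslog
p2210
n/tmp/.x/backdoor
EOF
}

sample_lsof | classify_lsof
```

On a live host the same filter can be fed with `lsof -F n -w -n | classify_lsof`; PARTIAL lines are candidates for false positives, EXACT lines are the ones to inspect by hand.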