
Date:  Thu, 08 Jun 2006 21:59:44 -0500
From:  "Ing. Ernesto Pérez Estévez" <info (at mark) ecualinux.com>
Subject:  [coba-e:05633] Re: chkproc
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4488E420.1060301 (at mark) ecualinux.com>
In-Reply-To:  <000101c68b6a$04f11320$6400a8c0@COMPUTER8SD7ER2>
References:  <000101c68b6a$04f11320$6400a8c0@COMPUTER8SD7ER2>
X-Mail-Count: 05633

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Darrell D. Mobley wrote:
> What would this say to you?
> 
> [root (at mark) www chkrootkit-0.46a]# ./chkproc
> You have    12 process hidden for readdir command
> You have    12 process hidden for ps command
> [root (at mark) www chkrootkit-0.46a]#
> 

It says somebody is trying to hide processes from the ps command.

That is, possibly the ps command was changed and it is not actually
showing all the processes (they compare the output of ps with what is
listed in /proc).

It can also mean the system is so overloaded that ps and listing
/proc do not show the same info, as they are not executed at the same
time but delayed due to the load avg being so high.

I suggest you try 2 or 3 more times; if the problem persists, then
there is a problem.

I would also like to suggest you try: rkhunter

www.rootkit.nl

BTW I have it in rpm format here:
http://packages.ecualinux.com/rhel/4/

But I suggest you compile the RPM from the original:
rpmbuild -ta rkhunter-*.tar.gz

regards
epe

- --
Ing. Ernesto Pérez Estévez
http://www.ecualinux.com
USA: + 1 404 795 0321
Ecuador: (02)3412402 - (09) 9246504
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEiOQg8sSWs7RP4EMRAkZLAJ4xCn5VxJJTpmrizpBUhFqDWA1AGACgj1iO
F9dpON2ICWAostLjG8C3R9M=
=/Dk3
-----END PGP SIGNATURE-----
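The reply above describes what chkproc does (compare the PIDs visible in /proc with the PIDs ps reports) and why a single run can give a false positive under load (the two listings are not taken at the same instant, so a process that starts or exits between them shows up as "hidden"). The following added example, written for this archive page and not taken from chkrootkit or from the list posters, implements that comparison and the "run it 2 or 3 times" advice: it only reports a PID as hidden if it is missing from ps in every snapshot. It assumes a Linux /proc and a ps that accepts the POSIX `-e -o pid=` options; the function and variable names are this example's own.

```python
"""Compare PIDs visible in /proc with PIDs reported by ps, repeated a few
times so that transient processes are not mistaken for hidden ones."""
import os
import re
import subprocess
import time

PID_DIR_RE = re.compile(r"^\d+$")


def pids_from_proc(entries):
    """Return the set of PIDs from a /proc directory listing.

    Only purely numeric names are PIDs; 'self', 'cpuinfo', etc. are skipped.
    """
    return {int(e) for e in entries if PID_DIR_RE.match(e)}


def pids_from_ps(ps_output):
    """Parse the output of `ps -e -o pid=` (one PID per line) into a set."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_from_ps(proc_pids, ps_pids, own_pids=frozenset()):
    """PIDs present in /proc but absent from ps, ignoring PIDs this tool
    itself created (they would otherwise be reported as false positives)."""
    return (proc_pids - ps_pids) - set(own_pids)


def persistent_hidden(samples):
    """Given a list of (proc_pids, ps_pids) snapshots, return the PIDs that
    are missing from ps in *every* snapshot.

    A PID missing in only some snapshots is most likely a process that
    started or exited between the two listings, i.e. the load-related
    false positive described in the thread, not a hidden process.
    """
    result = None
    for proc_pids, ps_pids in samples:
        diff = proc_pids - ps_pids
        result = diff if result is None else result & diff
    return result if result is not None else set()


def live_snapshot():
    """Take one real (proc_pids, ps_pids) snapshot from the running system.

    ps is run first and has already exited when /proc is listed, so the ps
    child is never in proc_pids; this process itself appears in both sets.
    """
    ps = subprocess.run(["ps", "-e", "-o", "pid="],
                        capture_output=True, text=True, check=True)
    ps_pids = pids_from_ps(ps.stdout)
    proc_pids = pids_from_proc(os.listdir("/proc"))
    return proc_pids, ps_pids


def check_hidden(rounds=3, delay=1.0):
    """Run the comparison `rounds` times, `delay` seconds apart, and return
    the PIDs that were hidden from ps in every round."""
    samples = []
    for i in range(rounds):
        samples.append(live_snapshot())
        if i < rounds - 1:
            time.sleep(delay)
    return persistent_hidden(samples)


if __name__ == "__main__":
    hidden = check_hidden()
    if hidden:
        print("PIDs hidden from ps in every round:", sorted(hidden))
    else:
        print("No process persistently hidden from ps")
```

A PID that survives this filter is worth inspecting directly in /proc (its `cmdline`, `exe` link and `status` file) from a known-good toolset such as a rescue medium, since on a compromised host ps itself may be the modified binary, which is exactly the case the reply warns about.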