
Re: Rãspuns: Rãspuns: finding hidden processes



Thanks to everyone who answered. I think I found the answer:

I've got three apps that have been installed --with-prefix=/usr/local/appname

Their pidfiles will then be in /usr/local/app/var/, no?

Thus they will not be in the mentioned places, am I correct?

(suspecting I am not ;( )

Tarjei

Petre Daniel wrote:
> 
> It's okay with me. I didn't follow your emails and replies so closely;
> was your system compromised, or do you just suspect that?
> Is that a permanently online box? Can you unplug it and look closely into
> it?
> chkrootkit is pretty gewd, but personally I trust only me. *grin*
> take care,
> Dani.
> 
> -----Original Message-----
> From: Tarjei Huse [mailto:tarjei@nu.no]
> Sent: Monday, December 03, 2001 1:01 PM
> To: debian-security@lists.debian.org
> Cc: debian-security@lists.debian.org
> Subject: Re: Rãspuns: finding hidden processes
> 
> Thanks, I got:
> dev_to_tty
> tdev
> /dev/pts/%s
> /dev/%s
> /dev/tty%s
> /dev/pty%s
> /dev/%snsole
> Obsolete W option not supported. (You have a /dev/drum?)
> 
> Any comments? Does this look ok?
> 
> Tarjei
> 
> Petre Daniel wrote:
> >
> > -----Original Message-----
> > From: Tarjei Huse [mailto:tarjei@nu.no]
> > Sent: Monday, December 03, 2001 9:15 AM
> > To: debian-security@lists.debian.org
> > Cc: debian-security@lists.debian.org
> > Subject: finding hidden processes
> >
> > Hi, if I run chkproc from the chkrootkit package I get:
> > You have     3 process hidden for readdir command
> > You have     3 process hidden for ps command
> >
> > How can I find these processes?
> > Tarjei
> >
> > Try "strings /bin/ps | grep dev" and if ps is corrupted you will see the
> > location of the configuration files for the rootkit. Go there and look
> > into them. Good luck.
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
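
An added example, not part of the original thread and not chkrootkit's code: one way to turn a "hidden for readdir" count into actual PIDs, assuming the report means a PID resolves under /proc/<pid> but is missing from the /proc listing. The function names, the thread-ID filter and the two-round rescan are choices made for this example.

```python
"""List PIDs that resolve under /proc but are missing from its listing."""
# Added example; function names are illustrative, not chkrootkit's.
import os


def listed_pids(proc="/proc"):
    """PIDs seen when reading the /proc directory itself."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def thread_group(pid, proc="/proc"):
    """Return the Tgid from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None


def find_hidden(listed, max_pid, proc="/proc"):
    """Probe each PID by name; return those that exist but were not listed."""
    hidden = []
    for pid in range(1, max_pid + 1):
        if pid in listed or not os.path.isdir(os.path.join(proc, str(pid))):
            continue
        tgid = thread_group(pid, proc)
        if tgid is not None and tgid != pid:
            continue  # thread ID: resolves by name, never listed (benign)
        hidden.append(pid)
    return hidden


def scan(rounds=2, proc="/proc"):
    """Keep only PIDs hidden in every round, dropping short-lived processes."""
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read()) - 1
    results = [set(find_hidden(listed_pids(proc), max_pid, proc))
               for _ in range(rounds)]
    return sorted(set.intersection(*results))


if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} exists but is not listed in /proc")
```

A kernel-level rootkit can hide a PID from direct lookups as well, so an empty result does not clear the machine; run the check with a trusted interpreter, ideally from known-good media.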