[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: R?spuns: R?spuns: finding hidden processes

On Mon, Dec 03, 2001 at 11:02:27PM +0100, Tarjei Huse wrote:
> Thanks to everyone who answered. I think I found the answer:
> I got three apps who has been installed --with-prefix=/usr/local/appname
> Their pidfiles will then be in /usr/local/app/var/ not?
> Thus they will not be in the mentioned places, am I correct?
> (suspecting I am not ;( )

No.. chkrootkit tries to look for processes in /proc not their normal pid
files.. basically what it does is tries to cd to /proc/(1..65535)/ and
reports any errors as hidden processes..

- U

"Any setuid root program that does an exec() somewhere is just a less 
user friendly version of su."   -- Olaf Kirch on bugtraq 2000-08-07
 1024D/6388D686   7928 83A9 16CD 52FD F77F  11ED FC04 B683 6388 D686

Reply to: