Re: exim4 router problems since 2 days / suspicious process "zinit" in pstree
On Friday 17 of December 2010, Carlos Alberto Lopez Perez wrote:
> On 12/17/2010 12:35 PM, Vladislav Kurz wrote:
> > On Friday 17 of December 2010, Thorsten Göllner wrote:
> >> Hi,
> >>
> >> The other point is that pstree reports a process "zinit" I never saw in
> >> the past:
> >>
> >> <snip>
> >>
> >> But I do not have any idea what it is. And I can not see the process
> >> with "ps":
> >
> > If pstree shows zinit and ps does not, it might mean that you are already
> > rooted (owned, hacked, cracked, etc), and your ps binary was modified to
> > hide the presence of rootkit named zinit.
>
> Good point.
>
> Try to check the md5sum of ps:
>
> # apt-get install debsums
> # debsums procps
>
Just for reference - md5sum of /bin/ps on i386/lenny
(checked from freshly downloaded package)
a6094706266c8ec3b068cf964824afee /bin/ps
--
Regards
Vladislav Kurz
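
A cross-check for the pstree-versus-ps discrepancy discussed in this thread, as an added example that is not part of any poster's message: it walks a /proc tree with shell builtins and reports PIDs that a supplied ps listing omits. The function names and the sample process tree are constructed for illustration; `ps -e -o pid=` in the comment assumes the procps ps.

```shell
#!/bin/sh
# Added example: report PIDs present in a /proc tree but absent from a ps listing.
# The /proc walk uses only shell builtins, so it does not rely on ls or ps.

# Print the numeric directory names (PIDs) found under DIR.
proc_pids() {
    for p in "$1"/[0-9]*; do
        if [ -d "$p" ]; then printf '%s\n' "${p##*/}"; fi
    done
}

# Print every PID from list $1 that does not occur in list $2.
missing_from_ps() {
    for pid in $1; do
        found=0
        for seen in $2; do
            if [ "$pid" = "$seen" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$pid"; fi
    done
}

# Print the command name from the first line of DIR/PID/status ("Name:<tab>cmd").
proc_name() {
    name='?'
    if [ -r "$1/$2/status" ]; then read -r _ name < "$1/$2/status"; fi
    printf '%s\n' "$name"
}

# scan DIR PS_PIDS: one "PID name" line per process the ps listing omits.
# Live use (assumption: procps ps): scan /proc "$(ps -e -o pid=)"
scan() {
    for hidden in $(missing_from_ps "$(proc_pids "$1")" "$2"); do
        printf '%s %s\n' "$hidden" "$(proc_name "$1" "$hidden")"
    done
}

# Constructed sample tree standing in for /proc (not real data).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    for entry in 1:init 42:exim4 1337:zinit; do
        mkdir "$d/${entry%%:*}"
        printf 'Name:\t%s\n' "${entry#*:}" > "$d/${entry%%:*}/status"
    done
    printf '%s\n' "$d"
}

sample=$(make_sample_proc)
scan "$sample" "1 42"     # constructed ps listing that omits PID 1337
rm -rf "$sample"
```

A process that starts or exits between the two snapshots shows up as a false positive, so repeat the comparison before drawing conclusions. The check only catches a tampered userland ps; hiding done in the kernel would also remove the entry from /proc.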