
Re: What is the hidden process?



Is this happening on every scan? Is it possible that it is a process that either starts or ends during the scan, so that ps sees it but by the time the /proc check occurs, it is gone or vice versa? I had not heard of unhide until this thread, but OSSEC has a similar feature, and I have seen this on my mailserver. The conclusion I came to is a routine (but short) process (such as postfix attempting to deliver mail) was firing and/or ending during the scan to cause the false positive?

I'll take a look at unhide.

--b

On Fri, Apr 8, 2011 at 10:15 AM, green <greenfreedom10@gmail.com> wrote:
James Brown wrote at 2011-04-07 23:43 -0500:
> On 08.04.2011 03:20, green wrote:
> > James Brown wrote at 2011-04-07 21:50 -0500:
> >> `unhide` defines that there is a hidden process in my system, but doesn't
> >> indicate it concretely:
> >
> >> HIDDEN Processes Found: 1
> >
> > Hmm, interesting.  Same result here with sys method, but nothing is detected
> > using the proc and brute methods.
>
> Yes, only with sys method. Your system is 'squeeze' too? (I had no such
> result under lenny).

Yes, Debian squeeze x64.

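
The race described in the reply above (a short-lived process seen by `ps` but gone before the /proc check, or vice versa), as an added example that is not part of the original thread and is not the code of unhide or OSSEC. It re-samples both views and only keeps PIDs that keep disagreeing; the function names and the PIDs used with `scripted` are constructed for illustration.

```python
import os
import subprocess
import time

def ps_pids():
    """PIDs reported by ps(1)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def proc_pids():
    """PIDs listed as numeric directories under /proc (Linux)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def classify_mismatches(view_a, view_b, rechecks=3, delay=0.5):
    """Return (persistent, transient) PID sets.

    A PID is a suspect when exactly one view reports it. Suspects are
    re-sampled; any that stop disagreeing (the process exited, or is now
    visible in both views) are attributed to the scan racing a short-lived
    process. PID reuse between samples is not handled here.
    """
    suspects = view_a() ^ view_b()
    persistent = set(suspects)
    for _ in range(rechecks):
        if not persistent:
            break
        time.sleep(delay)
        persistent &= view_a() ^ view_b()
    return persistent, suspects - persistent

def scripted(snapshots):
    """Constructed view: replays fixed PID sets, repeating the last one."""
    it = iter(snapshots)
    last = [set()]
    def view():
        last[0] = next(it, last[0])
        return set(last[0])
    return view

if __name__ == "__main__":
    # The ps process itself is short-lived, so its PID lands in "transient".
    persistent, transient = classify_mismatches(ps_pids, proc_pids)
    print("transient (likely race):", sorted(transient))
    print("persistent (investigate):", sorted(persistent))
```

A PID that stays in the persistent set across several re-samples is the one worth examining by hand; a single mismatch on one scan is not.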


