Re: What is the hidden process?
On 08.04.2011 14:32, Brad Alexander wrote:
> Is this happening on every scan?
Yes.
> Is it possible that it is a process that
> either starts or ends during the scan, so that ps sees it but by the time
> the /proc check occurs, it is gone or vice versa? I had not heard of unhide
> until this thread, but OSSEC has a similar feature, and I have seen this on
> my mailserver. The conclusion I came to is a routine (but short) process
> (such as postfix attempting to deliver mail) was firing and/or ending during
> the scan to cause the false positive?
>
> I'll take a look at unhide.
>
> --b
Thanks, I'll try to define what that process is.
>
> On Fri, Apr 8, 2011 at 10:15 AM, green <greenfreedom10@gmail.com> wrote:
>
>> James Brown wrote at 2011-04-07 23:43 -0500:
>>> On 08.04.2011 03:20, green wrote:
>>>> James Brown wrote at 2011-04-07 21:50 -0500:
>>>>> `unhide` defines that there is a hidden process in my system, but doesn't
>>>>> indicate it concretely:
>>>>
>>>>> HIDDEN Processes Found: 1
>>>>
>>>> Hmm, interesting. Same result here with sys method, but nothing is detected
>>>> using the proc and brute methods.
>>>
>>> Yes, only with sys method. Your system is 'squeeze' too? (I had no such
>>> result under lenny).
>>
>> Yes, Debian squeeze x64.
>>
>>
>>
>
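
The false-positive theory raised in this thread (a short-lived process that exists for only one of the two checks) can be tested by repeating the comparison and keeping only PIDs that mismatch every time. The following is an added example, not part of the original messages and not how unhide or OSSEC work internally; it assumes a simplified ps-versus-/proc comparison, and the function names and sample PIDs are constructed for illustration.

```python
import os
import subprocess
import time

def ps_pids():
    """PIDs as reported by ps(1)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def proc_pids(root="/proc"):
    """PIDs visible as numeric directories under /proc."""
    return {int(name) for name in os.listdir(root) if name.isdigit()}

def sample(rounds=3, delay=0.5):
    """Take several (ps view, /proc view) snapshots a short interval apart."""
    snaps = []
    for _ in range(rounds):
        snaps.append((ps_pids(), proc_pids()))
        time.sleep(delay)
    return snaps

def classify(snaps):
    """Split mismatching PIDs into (persistent, transient).

    persistent: seen by only one view in every round, worth investigating.
    transient:  mismatched in some rounds only, which is what a process that
                started or exited between the two checks looks like.
    """
    if not snaps:
        return set(), set()
    mismatches = [ps ^ proc for ps, proc in snaps]
    persistent = set.intersection(*mismatches)
    transient = set().union(*mismatches) - persistent
    return persistent, transient

# Constructed snapshots: PID 66 is always in /proc but never in ps output;
# 500 and 501 are the ps helper itself, 777 is a short-lived delivery job.
CONSTRUCTED = [
    ({1, 2, 500}, {1, 2, 66}),
    ({1, 2, 501}, {1, 2, 66, 777}),
    ({1, 2}, {1, 2, 66}),
]

if __name__ == "__main__":
    print("constructed:", classify(CONSTRUCTED))
    if os.path.isdir("/proc"):
        print("live:", classify(sample()))
```

On a live run the ps helper's own PID normally lands in the transient set, since it has exited by the time /proc is listed.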