Hello,
running unhide ( unhide-20130526-1.el7.x86_64 ) on CentOS 7 i get
sometimes messages like:
Found HIDDEN PID: 30784
Cmdline: "<none>"
Executable: "<no link>"
"<none> ... maybe a transitory process"
On a second unhide run immediately after it, the process seems to have
vanished. Also, i do not see anything about it in /proc, and rkhunter
and chkrootkit do _not_ detect it.
How can i debug or do some further tests? I want to make sure that this
is a false positive and not a rootkit.
Thanky a lot in advance, ulrich
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
