question about unhide / transitory process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello,

running unhide ( unhide-20130526-1.el7.x86_64 ) on CentOS 7 i get
sometimes messages like:

Found HIDDEN PID: 30784
	Cmdline: "<none>"
	Executable: "<no link>"
	"<none>  ... maybe a transitory process"

On a second unhide run immediately after it, the process seems to have
vanished. Also, i do not see anything about it in /proc, and rkhunter
and chkrootkit do _not_ detect it.

How can i debug or do some further tests? I want to make sure that this
is a false positive and not a rootkit.


Thanky a lot in advance, ulrich
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux