Stephen John Smoogen wrote:
On Sat, Jul 19, 2008 at 2:48 PM, listmail <listmail@xxxxxxxxxxxxx> wrote:
I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing
a load average of between 0.35 and 0.50 while the machine is idle, i.e.
no processes appear to be running.
Download the livecd and boot using it. See if the load average still
occurs. Check to see if you have any traffic occuring on the network
from the system. [I had a box that was kernel trojaned that had a load
average all the time when it was on the wire and did not when it
didn't. The kernel trojan was looking for a particular bit of traffic
that would open up its backdoor to.]
its been ages since i've had to do this, but in years past, rkhunter was
really good at finding rootkits like this. worst case, you put it on
alive CD and run it from there.
I believe this is the source home page,
http://www.rootkit.nl/projects/rootkit_hunter.html
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
