Wow, thank you guys for the feedback
hot_wired & Nico
great explanation

that helps me to learn security
sorry for not being clear
it's redhat 7.3
running latest RELEASE tree
I did re-compile the kernel to the latest, did some searching with chkroot and monitoring with iptraf, and it looks fine.
tail /etc/rc.sysinit
[ -r /proc/ksyms ] && /bin/cat /proc/ksyms) >/var/log/ksyms.0
# create the crash indicator flag to warn on crashes, offer fsck with timeout
touch /.autofsck
sleep 1
kill -TERM `/sbin/pidof getkey` >/dev/null 2>&1
} &
if [ "$PROMPT" != "no" ]; then
/sbin/getkey i && touch /var/run/confirm
fi
wait
looks fine
BUT
today I got an email from the server:
Trojan Horses Detected by (WHM)
Hidden Pid detected! [pid 10]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/sbin/init]
oh gawd again?
Will it solve the problem if I just replace it with a trusted init?
How the hell can I find a trustworthy init binary anyway?
If I replace it with the original init from the CD, will this cause problems since I have already been running updates here and there?
Thanks in advance
Brumie