This is a very low-use server as far as DNS and SQL are concerned, so this alarmed me.
Running chkrootkit-0.46a with NAMED and MYSQLD stopped nets the following results:
[email protected] [~/security/chkrootkit-0.46a]# ./chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 1
###
PID 4818: not in ps output
CWD 4818: /usr/local/cpanel/var/run/stunnel
EXE 4818: /usr/bin/stunnel-4.04local
PID 8598: not in ps output
CWD 8598: /usr/local/cpanel/var/run/stunnel
EXE 8598: /usr/bin/stunnel-4.04local
You have 2 process hidden for ps command
However running the same command with NAMED and MYSQLD running nets the following results:
[email protected] [~/security/chkrootkit-0.46a]# ./chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 1
###
PID 4818: not in ps output
CWD 4818: /usr/local/cpanel/var/run/stunnel
EXE 4818: /usr/bin/stunnel-4.04local
PID 8598: not in ps output
CWD 8598: /usr/local/cpanel/var/run/stunnel
EXE 8598: /usr/bin/stunnel-4.04local
PID 10197: not in ps output
CWD 10197: /
EXE 10197: /usr/sbin/named
PID 10198: not in ps output
CWD 10198: /
EXE 10198: /usr/sbin/named
PID 10199: not in ps output
CWD 10199: /
EXE 10199: /usr/sbin/named
PID 10200: not in ps output
CWD 10200: /
EXE 10200: /usr/sbin/named
PID 10201: not in ps output
CWD 10201: /
EXE 10201: /usr/sbin/named
PID 10243: not in ps output
CWD 10243: /var/lib/mysql
EXE 10243: /usr/sbin/mysqld
PID 10244: not in ps output
CWD 10244: /var/lib/mysql
EXE 10244: /usr/sbin/mysqld
PID 10245: not in ps output
CWD 10245: /var/lib/mysql
EXE 10245: /usr/sbin/mysqld
PID 10246: not in ps output
CWD 10246: /var/lib/mysql
EXE 10246: /usr/sbin/mysqld
PID 10247: not in ps output
CWD 10247: /var/lib/mysql
EXE 10247: /usr/sbin/mysqld
PID 10248: not in ps output
CWD 10248: /var/lib/mysql
EXE 10248: /usr/sbin/mysqld
PID 10249: not in ps output
CWD 10249: /var/lib/mysql
EXE 10249: /usr/sbin/mysqld
PID 10250: not in ps output
CWD 10250: /var/lib/mysql
EXE 10250: /usr/sbin/mysqld
PID 10251: not in ps output
CWD 10251: /var/lib/mysql
EXE 10251: /usr/sbin/mysqld
You have 16 process hidden for ps command
I am used to seeing a variable number of false positives, and from 0-5 random processes which come and go as being hidden from the ps command, but this began two days ago and I was posting to see if anyone had advice on what or why.
Thank you in advance...
-greg
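
Added example, not part of the original post and not chkrootkit's own code: a Python triage helper that parses `chkproc -v -v` output like the above, groups the hidden PIDs by executable, and classifies each one from the text of `/proc/<pid>/status`. It assumes a Linux kernel whose status file carries a `Tgid` field; a hidden PID whose `Tgid` differs from its own number is a thread, which plain `ps` does not list separately. The sample input and function names are constructed for illustration.

```python
import re
# Constructed sample: a shortened excerpt in the format chkproc -v -v prints.
SAMPLE = """\
PID 4818: not in ps output
CWD 4818: /usr/local/cpanel/var/run/stunnel
EXE 4818: /usr/bin/stunnel-4.04local
PID 10197: not in ps output
CWD 10197: /
EXE 10197: /usr/sbin/named
PID 10198: not in ps output
CWD 10198: /
EXE 10198: /usr/sbin/named
You have 3 process hidden for ps command
"""

LINE = re.compile(r"^(PID|CWD|EXE)\s+(\d+):\s*(.*)$")

def parse_chkproc(text):
    """Return {pid: {'cwd': ..., 'exe': ...}} for every PID reported hidden."""
    hidden = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, summary and prompt lines carry no PID record
        kind, pid, value = m.group(1), int(m.group(2)), m.group(3)
        entry = hidden.setdefault(pid, {"cwd": None, "exe": None})
        if kind != "PID":
            entry[kind.lower()] = value
    return hidden

def group_by_exe(hidden):
    """Map executable path -> ascending list of hidden PIDs running it."""
    groups = {}
    for pid, info in sorted(hidden.items()):
        groups.setdefault(info["exe"], []).append(pid)
    return groups

def classify(pid, status_text):
    """Classify a hidden PID from the text of /proc/<pid>/status."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    tgid = fields.get("Tgid", "").strip()
    if not tgid.isdigit():
        return "unknown"                       # no Tgid field: cannot decide
    if int(tgid) != pid:
        return "thread of PID %d" % int(tgid)  # listed by `ps -eLf`
    return "thread-group leader"               # ps should list it: investigate

if __name__ == "__main__":
    print(group_by_exe(parse_chkproc(SAMPLE)))
```

On a live host, pass `open("/proc/%d/status" % pid).read()` as `status_text` for each PID returned by `parse_chkproc`.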