On Sun, 25 Jul 2004 19:09:02 +0200, Michael Schwendt <fedora@xxxxxxxxxxxxxxxxx> wrote: >With chkrootkit comes a tool called "chkproc". Run it with option -v >and examine the listed processes via their hidden directories below >/proc, e.g. > > # cd /usr/lib/chkrootkit-0.43 > # ./chkproc -v > 4348 is a Linux Thread, marking as such... > # cd /proc/4348 Thanks... for example # ./chkproc -v [snip] PID 17243: not in readdir output PID 17243: not in ps output You have 10 process hidden for readdir command You have 10 process hidden for ps command # ps aux |grep 17243 root 15368 0.0 0.1 4444 656 pts/1 R 12:38 0:00 grep 17243 # cd /proc/17243 # ls attr cmdline environ fd mem root statm task auxv cwd exe maps mounts stat status wchan # more cmdline /usr/sbin/clamav-milterun/clamav/clamav-milter.sock -- Steve
