On Friday 17 of December 2010, Carlos Alberto Lopez Perez wrote:
> On 12/17/2010 12:35 PM, Vladislav Kurz wrote:
> > On Friday 17 of December 2010, Thorsten Göllner wrote:
> >> Hi,
> >>
> >> The other point is that pstree reports a process "zinit" I never saw in
> >> the past:
> >>
> >> <snip>
> >>
> >> But I do not have any idea what it is. And I can not see the process
> >
> >> with "ps":
> > If pstree shows zinit and ps does not, it might mean that you are already
> > rooted (owned, hacked, cracked, etc), and your ps binary was modified to
> > hide the presence of rootkit named zinit.
>
> Good point.
>
> Try to check the md5sum of ps:
>
> # apt-get install debsums
> # debsums procps
>
just for reference - md5sum of /bin/ps on i386/lenny
(checked from freshly downloaded package)
a6094706266c8ec3b068cf964824afee /bin/ps
--
Regards
Vladislav Kurz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
