On Mon, Aug 06, 2012 at 05:37:23PM -0400, rabidblog...@safe-mail.net wrote: > $ lsof | grep anon_inode > anon_inode This is anonymous inode, for example, the process open a file on disk and then unlink it.
After that there isn't a filesystem entry attached to the inode anymore so the others can't open it. And the process which holds the open file can operates it until close it. > > $ lsof | grep dev/null > /dev/null > For /dev/null, note that there are many process open it, mainly used by daemon. Its stdin, stdout, stderr redirected to /dev/null. -- Thanks, Chengwei > I find several anon_inodes and over a dozen /dev/null listings, in some > listings for each there are several processes which are repeated. I'm > expecting this to be a rootkit, but none of the rootkit scanners find > anything. Why are these two listings appearing for various processes? I'm not > running any virtual machines, emulation, shares, printers, servers, etc. but > these listings continue to appear, it doesn't matter what Linux distro I use, > these continue to show, even when disconnected from the internet. > > What are they? > Why are they appearing? > How can I stop these from running? (if they're bad) > > I've searched the web and cannot find anything which explains these to my > satisfaction. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/n1b-if1q8q-...@safe-mail.net
signature.asc
Description: Digital signature
