I also saw this, and would like to find some docs.
I am pretty sure I am not hacked. It's RH9 with vanilla 2.4.24.
Maybe it's a confusion between RH's NPTL and a kernel which isn't?

I now checked which procs aren't shown in ps. They are:
The 3 children of ypbind (the father _is_ shown in ps)
Some nautilus procs (probably the same - one is shown in ps, haven't
checked if he is their father)
Some xmms procs (same)

I looked at /proc (with ls, cat, etc.) to see this.
Can anyone point me to relevant docs? Maybe simply google for NPTL?
I know I should have done this before posting - see this not as a
question but as an answer (unless you already know it's a wrong one).

Thanks,
-- 
Didi

On Fri, Jun 04, 2004 at 08:34:03AM +0300, [EMAIL PROTECTED] wrote:
> ik wrote:
>
> >Hello,
> >
> >I'm using debian as my desktop system. Recently I installed the program
> >"chkrootkit". This program scans the system and gives you output
> >regarding its findings.
> >
> >Sometimes I have 2-8 hidden processes that are not seen in "ps". So the
> >program tells me I might have some backdoor known as LVM.
> >
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222179.
> In general - chkrootkit is not updated to handle the threading model of
> kernel 2.6 so this check is not reliable. (you do use 2.6 do you?)
>
> >Now, I know that some programs will use hidden processes for a short
> >time, so I
> >
> Really?? I wasn't aware that hidden processes are possible in
> "standard" linux API's.
>
> >do not worry that I really have this LVM, because when I'm in console
> >mode, I do not have any type of report for hidden, but sometimes I have
> >it when I'm in xfree.
> >
> >And now for the question :) I have a firewall (amm iptables that is set
> >by shorewall), I have my own user.. and two other users as well. How can
> >I increase my security in a way that I could be relaxed from worry about
> >backdoors like rootkits?
> >
> >Please note I read the official debian document about security ... but
> >it does not seem to help me to solve this type of problem..
> >
> Um. There are many documents about enhancing linux security, you don't
> necessarily have to follow only the official one. Google around.
>
> I think that SELinux (there is a debian package for this, at least in
> "unstable", see http://www.nsa.gov/selinux/index.cfm)
> is a pretty mature one but it should be handled with care or you might
> find yourself easily "locked out" of many functions on the system.
> In short what it does is to provide "strong, flexible mandatory access
> control architecture incorporated into the major subsystems of the
> kernel".
>
> >Thank you for all answers
> >
> >Ido

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
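
One way to check whether ids that answer under /proc but are missing from ps are only threads of listed processes, as an added example that is not part of the original thread. It assumes a kernel whose /proc/<id>/status carries a Tgid field and which answers direct lookups of thread ids; the function names and the sample tree (ids, names) are constructed.

```python
import os
import tempfile

def read_status(proc_root, ident):
    """Return the Name/Pid/Tgid fields of <proc_root>/<ident>/status, or None."""
    fields = {}
    try:
        with open(os.path.join(proc_root, str(ident), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                if key in ("Name", "Pid", "Tgid"):
                    fields[key] = value.strip()
    except OSError:
        return None  # nothing answers for this id
    return fields

def classify(proc_root, candidate_ids, ps_pids):
    """Sort ids that answer under proc_root but are absent from ps output.

    Returns (threads, unexplained): threads maps a thread id to the pid of
    its thread group leader; unexplained lists ids that need a closer look.
    """
    threads, unexplained = {}, []
    for ident in candidate_ids:
        if ident in ps_pids:
            continue
        status = read_status(proc_root, ident)
        if status is None:
            continue
        tgid = int(status.get("Tgid", ident))
        if tgid != ident and tgid in ps_pids:
            threads[ident] = tgid      # thread of a process that ps does list
        else:
            unexplained.append(ident)  # its own leader, yet missing from ps
    return threads, unexplained

def demo():
    """Run classify() over a constructed /proc-like tree (all values made up)."""
    sample = {  # id: (Name, Tgid)
        700: ("ypbind", 700), 701: ("ypbind", 700), 702: ("ypbind", 700),
        703: ("ypbind", 700), 950: ("xmms", 950), 4242: ("sh", 4242),
    }
    root = tempfile.mkdtemp()
    for ident, (name, tgid) in sample.items():
        os.mkdir(os.path.join(root, str(ident)))
        with open(os.path.join(root, str(ident), "status"), "w") as fh:
            fh.write(f"Name:\t{name}\nTgid:\t{tgid}\nPid:\t{ident}\n")
    ps_pids = {700, 950}  # constructed: the pids `ps -e` would have listed
    return classify(root, range(1, 5000), ps_pids)
```

On a live system the same function takes "/proc" as proc_root and the pid set parsed from ps output. A kernel-level rootkit can falsify /proc as well, so an empty "unexplained" list explains a false positive but does not prove a clean host.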