I'm sure:
$ rpm -Vf /bin/ps
and it's OK
2010/1/19 Juan Leaniz <juan.leaniz@xxxxxxxxx>:
> Did you check /bin/ps's timestamp to make sure it wasn't modified or
> replaced? Are you able to see the process if you use lsof ?
>
> On Tue, Jan 19, 2010 at 8:46 PM, Yago Jesus <yjesus@xxxxxxxxxxxxxxxxxxxxx>
> wrote:
>>
>> Hi,
>>
>> Playing with Unhide (http://www.security-projects.com/?Unhide) I have
>> found a very strange process (and I think I'm not rooted lol).
>>
>> Unhide reports this:
>>
>> Found HIDDEN PID: 24111
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24112
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24115
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24118
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24121
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24122
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> If I look (for example) in /proc, the 24111 directory exists and appears to be a
>> legitimate process ...
>>
>> But here is the weird issue: I can't find it using ps
>>
>> I have tried :
>>
>> #ps -eL | grep 24111
>>
>> #ps axT | grep 24111
>>
>> #ps -aHT | grep 24111
>>
>> I think it is not a 'normal' process, nor a thread, nor a session leader,
>> nor a pgrp ...
>>
>> But, surprise! I was able to find it using pstree
>>
>> $ pstree -c -p | grep opera
>> |-opera(28600)-+-operapluginclea(28937)
>> | |-operapluginwrap(30602)
>> | |-{opera}(28630)
>> | `-{opera}(28873)
>> |-operapluginwrap(23493)-+-operapluginwrap(24641)
>> | |-{operapluginwrap}(24111)
>> | |-{operapluginwrap}(24112)
>> | |-{operapluginwrap}(24115)
>> | |-{operapluginwrap}(24118)
>> | |-{operapluginwrap}(24121)
>> | `-{operapluginwrap}(24122)
>>
>> More info:
>>
>> $ uname -a
>> Linux centrino 2.6.27.25-78.2.56.fc9.i686.PAE #1 SMP Thu Jun 18
>> 12:36:07 EDT 2009 i686 i686 i386 GNU/Linux
>>
>>
>> $ rpm -qf /bin/ps
>> procps-3.2.7-20.fc9.i386
>>
>>
>> Thanks !
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
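
An added triage check, not part of the original thread: on Linux a thread ID can be opened as /proc/<tid> even though it is not returned when /proc is listed, and the Tgid field of its status file names the owning process. The function names and the sample status text below are constructed for illustration; the IDs are the ones shown in the pstree output above.

```python
import os
import sys

# Constructed /proc/<id>/status excerpts (not captured from the poster's machine).
SAMPLE_THREAD = "Name:\toperapluginwrap\nState:\tS (sleeping)\nTgid:\t23493\nPid:\t24111\n"
SAMPLE_LEADER = "Name:\toperapluginwrap\nState:\tS (sleeping)\nTgid:\t23493\nPid:\t23493\n"


def classify(status_text):
    """Return (kind, tgid): 'process' if the id is a thread-group leader,
    'thread' if it belongs to another group, 'unknown' if fields are missing."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    try:
        tgid, pid = int(fields["Tgid"]), int(fields["Pid"])
    except (KeyError, ValueError):
        return ("unknown", None)
    return ("process" if tgid == pid else "thread", tgid)


def triage(ident, proc="/proc"):
    """Classify a live id and record where the kernel exposes it."""
    try:
        with open(os.path.join(proc, str(ident), "status")) as fh:
            kind, tgid = classify(fh.read())
    except OSError:
        return {"id": ident, "kind": "gone"}
    return {
        "id": ident,
        "kind": kind,
        "tgid": tgid,
        # Thread ids are reachable by path but absent from the /proc listing.
        "listed_in_proc": str(ident) in os.listdir(proc),
        # An ordinary thread appears under its leader's task/ directory.
        "in_leader_task_dir": tgid is not None
        and os.path.isdir(os.path.join(proc, str(tgid), "task", str(ident))),
    }


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        print(triage(int(arg)))
```

An ID that comes back as a thread with in_leader_task_dir true is accounted for by its leader process; an ID that is a process yet missing from the /proc listing deserves a closer look.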