tomcat-users mailing list archives

From Nick Goupinets <ngoupin...@openskysolutions.ca>
Subject Tomcat and chkrootkit
Date Tue, 30 Nov 2004 14:28:44 GMT

Hi everybody,

I tried checking my system (Slackware 9.1) with chkrootkit. The check 
generated the following:

Checking `lkm'... You have   106 process hidden for ps command
Warning: Possible LKM Trojan installed

When running the detailed search for LKM modules, chkrootkit reported a 
whole bunch of Tomcat and mysql processes hidden from the ps command:

ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 1
###
PID 11737: not in ps output
CWD 11737: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/data
EXE 11737: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/bin/mysqld
PID 11738: not in ps output
CWD 11738: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/data
EXE 11738: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/bin/mysqld
PID 11739: not in ps output

.....

CWD 11796: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11796: /usr/java/j2sdk1.4.2_04/bin/java
PID 11797: not in ps output
CWD 11797: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11797: /usr/java/j2sdk1.4.2_04/bin/java
PID 11798: not in ps output
CWD 11798: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11798: /usr/java/j2sdk1.4.2_04/bin/java
PID 11799: not in ps output
CWD 11799: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11799: /usr/java/j2sdk1.4.2_04/bin/java
PID 11800: not in ps output
CWD 11800: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11800: /usr/java/j2sdk1.4.2_04/bin/java
PID 11801: not in ps output
CWD 11801: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11801: /usr/java/j2sdk1.4.2_04/bin/java
PID 11802: not in ps output

.....

CWD 11987: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11987: /usr/java/j2sdk1.4.2_04/bin/java
PID 11998: not in ps output
CWD 11998: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11998: /usr/java/j2sdk1.4.2_04/bin/java
PID 12016: not in ps output
CWD 12016: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/data
EXE 12016: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/bin/mysqld
PID 12022: not in ps output
CWD 12022: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/data
EXE 12022: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/bin/mysqld
You have    77 process hidden for ps command

I am wondering if this is something normal and expected, or if I have to 
investigate this issue more deeply.

Thank you very much.

Sincerely,
Nick.
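
An added example, not part of the original message and not chkrootkit's own code: a small Python parser for the `chkproc -v -v` record format quoted above. It groups the PIDs reported as hidden by executable, so a long report can be triaged quickly, and flags output whose record count does not match the summary line. The function names and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the chkproc output quoted in the message.
SAMPLE = """\
PID 11737: not in ps output
CWD 11737: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/data
EXE 11737: /usr/local/mysql-standard-4.1.4-gamma-pc-linux-i686/bin/mysqld
PID 11739: not in ps output
PID 11796: not in ps output
CWD 11796: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11796: /usr/java/j2sdk1.4.2_04/bin/java
PID 11797: not in ps output
CWD 11797: /usr/local/jakarta-tomcat-5.0.19/bin
EXE 11797: /usr/java/j2sdk1.4.2_04/bin/java
You have     4 process hidden for ps command
"""

RECORD = re.compile(r"^(PID|CWD|EXE)\s+(\d+):\s+(.*)$")
SUMMARY = re.compile(r"^You have\s+(\d+)\s+process hidden")

def parse_chkproc(text):
    """Return ({pid: {"cwd": ..., "exe": ...}}, total from the summary line or None)."""
    procs, total = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := RECORD.match(line)):
            kind, pid, value = m.group(1), int(m.group(2)), m.group(3)
            entry = procs.setdefault(pid, {"cwd": None, "exe": None})
            if kind != "PID":  # a PID line only announces the record
                entry[kind.lower()] = value
        elif (s := SUMMARY.match(line)):
            total = int(s.group(1))
    return procs, total

def triage(text):
    """Group hidden PIDs by executable; PIDs with no EXE line need manual review."""
    procs, total = parse_chkproc(text)
    by_exe = defaultdict(list)
    for pid, info in sorted(procs.items()):
        by_exe[info["exe"] or "<unresolved>"].append(pid)
    return {"by_exe": dict(by_exe), "parsed": len(procs), "reported": total,
            "complete": total == len(procs)}  # False if the report was truncated

if __name__ == "__main__":
    result = triage(SAMPLE)
    for exe, pids in result["by_exe"].items():
        print(f"{len(pids):4d}  {exe}  pids={pids}")
```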
