Rkhunter Scan Warning

JnascECSI
Forum Regular
Posts: 306
Joined: Mon Apr 14, 2008 8:29 am
Location: Rhode Island

Rkhunter Scan Warning

Unread post by JnascECSI »

Anyone have an idea why these are starting to show up in the daily scans? Looks like they started after updating to ASL 2.2 on 08-30-2009. Any idea on how to get rid of or fix the issue?

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld PID: 2952 File: /tmp/ibGhOcbe
Process: /usr/sbin/httpd PID: 5206 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5207 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5245 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5246 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7799 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7800 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7802 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7803 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 12792 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 17514 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 22549 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 24904 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 24910 File: /var/asl/tmp/asl.lock
Process: /usr/bin/python PID: 25846 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26125 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26261 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26263 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26587 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26588 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26620 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26621 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 27913 File: /var/asl/tmp/asl.lock
Process: /var/ossec/bin/ossec-syscheckd PID: 32072 File: /var/ossec/queue/syscheck/syschecklocal.db-125273713332064.tmp
Process: /usr/sbin/httpd PID: 32212 File: /var/asl/tmp/asl.lock
James Nascimento
Chief Information Officer
East Commerce Solutions, Inc.
22 Morris Lane
East Providence, RI 02914
Ph. 800-527-5395 x263
Fax. 888-999-5891
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Rkhunter Scan Warning

Unread post by scott »

It's all luck really, basically you're timing it just right to see the tmp files created by other security components.
JnascECSI
Forum Regular
Posts: 306
Joined: Mon Apr 14, 2008 8:29 am
Location: Rhode Island

Re: Rkhunter Scan Warning

Unread post by JnascECSI »

10-4, I'll ignore them then, thanks Scott.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Rkhunter Scan Warning

Unread post by scott »

I made a note to see if we can exclude those in the next round of updates on rkhunter.
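An added example, not part of the original posts and not ASL or rkhunter code: a small triage script for the "processes are using deleted files" block shown in the first post. It groups the findings and separates process/file pairs on an allowlist from pairs that still need a look. The allowlist entries and the function names are assumptions for illustration; the sample lines are copied from the scan output in the thread.

```python
import re
from collections import Counter
from fnmatch import fnmatch

# Sample input: a few lines copied from the scan output quoted in the thread.
SAMPLE = """\
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld PID: 2952 File: /tmp/ibGhOcbe
Process: /usr/sbin/httpd PID: 5206 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5207 File: /var/asl/tmp/asl.lock
Process: /usr/bin/python PID: 25846 File: /var/asl/tmp/asl.lock
Process: /var/ossec/bin/ossec-syscheckd PID: 32072 File: /var/ossec/queue/syscheck/syschecklocal.db-125273713332064.tmp
"""

# Assumed allowlist of (process path, glob for the deleted file); adjust per host.
# The python/asl.lock pair is left out on purpose to show the review path.
EXPECTED = [
    ("/usr/sbin/httpd", "/var/asl/tmp/asl.lock"),
    ("/usr/libexec/mysqld", "/tmp/ib*"),
    ("/var/ossec/bin/ossec-syscheckd", "/var/ossec/queue/syscheck/*.tmp"),
]

LINE = re.compile(r"^\s*Process:\s+(\S+)\s+PID:\s+(\d+)\s+File:\s+(.+?)\s*$")

def parse(report):
    """Yield (process, pid, file) for each 'Process:' line in the report."""
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3)

def triage(report, expected=EXPECTED):
    """Return (Counter of allowlisted pairs, list of findings to review)."""
    known, review = Counter(), []
    for proc, pid, path in parse(report):
        # Match on the exact process path AND the file pattern, never on one alone.
        if any(proc == p and fnmatch(path, g) for p, g in expected):
            known[(proc, path)] += 1
        else:
            review.append((proc, pid, path))
    return known, review

if __name__ == "__main__":
    known, review = triage(SAMPLE)
    for (proc, path), n in known.items():
        print(f"expected {n:3d}x {proc} -> {path}")
    for proc, pid, path in review:
        print(f"REVIEW   pid {pid} {proc} -> {path}")
```

Matching on the process and the file together keeps the exclusion narrow, so an unexpected process holding the same deleted file still surfaces for review.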