Rkhunter Scan Warning

Posted: Sat Sep 12, 2009 7:53 am
by JnascECSI
Anyone have an idea why these are starting to show up in the daily scans? Looks like they started after updating to ASL 2.2 on 08-30-2009. Any idea on how to get rid of or fix the issue?

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld PID: 2952 File: /tmp/ibGhOcbe
Process: /usr/sbin/httpd PID: 5206 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5207 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5245 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5246 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7799 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7800 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7802 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 7803 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 12792 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 17514 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 22549 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 24904 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 24910 File: /var/asl/tmp/asl.lock
Process: /usr/bin/python PID: 25846 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26125 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26261 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26263 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26587 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26588 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26620 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 26621 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 27913 File: /var/asl/tmp/asl.lock
Process: /var/ossec/bin/ossec-syscheckd PID: 32072 File: /var/ossec/queue/syscheck/syschecklocal.db-125273713332064.tmp
Process: /usr/sbin/httpd PID: 32212 File: /var/asl/tmp/asl.lock

Re: Rkhunter Scan Warning

Posted: Sat Sep 12, 2009 10:41 am
by scott
It's all luck really; basically you're timing it just right to see the tmp files created by other security components.

Re: Rkhunter Scan Warning

Posted: Sat Sep 12, 2009 11:01 am
by JnascECSI
10-4, I'll ignore them then, thanks Scott.

Re: Rkhunter Scan Warning

Posted: Sat Sep 12, 2009 11:10 am
by scott
I made a note to see if we can exclude those in the next round of updates on rkhunter.
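
A small triage helper for reports like the one in this thread, added here as an example (not part of the original posts and not ASL or rkhunter code): it parses the warning lines, suppresses process/file pairs on an allowlist, and groups whatever remains for review. The allowlist contents, the mysqld pattern and the last sample line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Warning-line format as it appears in the scan output quoted in this thread.
LINE_RE = re.compile(r"^Process: (\S+)\s+PID: (\d+)\s+File: (.+?)\s*$")

# Assumed allowlist of (process, regex for the deleted file). The ASL and OSSEC
# pairs come from the scan above; the mysqld (InnoDB temp file) pattern is added.
EXPECTED = [
    ("/usr/sbin/httpd", r"/var/asl/tmp/asl\.lock"),
    ("/usr/bin/python", r"/var/asl/tmp/asl\.lock"),
    ("/var/ossec/bin/ossec-syscheckd", r"/var/ossec/queue/syscheck/[^/]+\.tmp"),
    ("/usr/libexec/mysqld", r"/tmp/ib[A-Za-z0-9]{6}"),
]

def parse(report):
    """Yield (process, pid, file) for each warning line in the report."""
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m[1], int(m[2]), m[3]

def is_expected(proc, path):
    return any(proc == p and re.fullmatch(rx, path) for p, rx in EXPECTED)

def triage(report):
    """Return (expected, review): dicts mapping (process, file) -> list of PIDs."""
    expected, review = defaultdict(list), defaultdict(list)
    for proc, pid, path in parse(report):
        bucket = expected if is_expected(proc, path) else review
        bucket[(proc, path)].append(pid)
    return dict(expected), dict(review)

# Sample: the first four entries are copied from the scan above; the last
# entry is constructed to show what an unexplained pair looks like.
SAMPLE = """\
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld PID: 2952 File: /tmp/ibGhOcbe
Process: /usr/sbin/httpd PID: 5206 File: /var/asl/tmp/asl.lock
Process: /usr/sbin/httpd PID: 5207 File: /var/asl/tmp/asl.lock
Process: /var/ossec/bin/ossec-syscheckd PID: 32072 File: /var/ossec/queue/syscheck/syschecklocal.db-125273713332064.tmp
Process: /opt/example/worker PID: 4242 File: /tmp/example.dat
"""

if __name__ == "__main__":
    ok, review = triage(SAMPLE)
    for (proc, path), pids in sorted(review.items()):
        print(f"REVIEW  {proc} {path} pids={pids}")
    print(f"{sum(map(len, ok.values()))} expected entries suppressed")
```

Matching on the exact process path together with an anchored file pattern keeps the allowlist narrow, so the same lock file held open by a different binary still shows up for review.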