#1  
Old 7th March 2012, 18:08
jcombs_31 jcombs_31 is offline
Member
 
Join Date: Jan 2009
Location: South Florida
Posts: 83
Thanks: 2
Thanked 2 Times in 1 Post
Default Rkhunter warnings

I'm running ISPConfig3 on Squeeze and recently started getting these warnings from RKHunter.

Warning: The following processes are using deleted files:
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 577 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/sbin/mysqld PID: 1076 File: (deleted)/tmp/ib5yQx0w
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1185 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1680 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1748 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1752 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4022 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4137 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4139 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4594 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 5232 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 5236 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/sbin/cron PID: 5944 File: (deleted)/tmp/tmpfNmT5sT
Process: /bin/bash PID: 5948 File: (deleted)/tmp/tmpfNmT5sT
Process: /bin/bash PID: 5950 File: (deleted)/tmp/tmpfNmT5sT
Process: /bin/run-parts PID: 5951 File: (deleted)/tmp/tmpfNmT5sT
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 31274 File: (deleted)/var/run/apache2/ssl_mutex

Sure enough there are no files in /var/run/apache2/

At one point it did appear someone was able to hijack some FTP accounts and upload some php files that I've cleaned up and removed the accounts, but this may be some remnants of issues left behind. Any ideas on the best way to clean this up?
Reply With Quote
Sponsored Links
  #2  
Old 8th March 2012, 13:47
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Run
Code:
rkhunter --propupd
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 8th March 2012, 14:10
jcombs_31 jcombs_31 is offline
Member
 
Join Date: Jan 2009
Location: South Florida
Posts: 83
Thanks: 2
Thanked 2 Times in 1 Post
 
Default

Quote:
Originally Posted by falko View Post
Run
Code:
rkhunter --propupd
Thanks for the reply. I've actually tried that already. Should I see /var/run/apache2/ssl_mutex?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter warnings esezako General 7 27th September 2011 07:28
rkhunter warnings germinator Server Operation 1 10th March 2011 16:54
LXC containers as VM's for ISPConfig 3 - First steps & quick start. CSsab Tips/Tricks/Mods 6 7th February 2011 16:14
RKHunter Warnings sheshes Server Operation 7 18th March 2010 19:34
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 17:59


All times are GMT +2. The time now is 06:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.