Re: "hidden processes" in OpenVZ [message #23632 is a reply to message #23612] |
Wed, 21 November 2007 10:22 ![Go to previous message Go to previous message](/theme/ovz3/images/up.png) ![Go to next message Go to previous message](/theme/ovz3/images/down.png) |
floogy
Messages: 11 Registered: November 2007 Location: Koblenz Germany
|
Junior Member |
|
|
Hello Vasily,
thank you very much for your efforts. It's now much more clearer that these hidden processes are harmless, and one can check that by the pid number "structur". Maybe rkhunter and chkrootkit could have some code, enabled by an extra '--ve'-option, that checks only for hidden processes that aren't hw-node system processes, but instead "virtual" hidden.
I don't know much about rootkits etc. but I understand, that loadeable modules (LKM) aren't possible in ve's. I can't think of hidden processes that are working different, but that's because I don't have the knowledge.
I'm not sure that I did understand everything right, that you were so kind to explain to me, but I understand this sentence, and that eases my mind:
Quote: | I would note that you cannot make process "hidden" from userspace.
|
Again I'm sorry for my poor english, I think, that this will bring up "virtual" issues ... ![Wink](images/smiley_icons/icon_wink.gif)
Please, would you be so kind, to have also a look into my still unanswered question about my "lockedpage issue"?
Problem with lockedpages failcnt 192, limit 344:
http://forum.openvz.org/index.php?t=msg&goto=22868&# msg_22868
|
|
|