I am running rkhunter and it says it's infected or has found hidden processes?
First, you need to understand that if your VPS is compromised, then it's already too late. So what will rkhunter do? It can only verify that you have been hacked at the root level. It will not protect you.
If you just got your new VPS and you run rkhunter or chkrootkit, you may get a lot of false positives. An example:
Checking bindshell... INFECTED (PORTS: 465)
Checking lkm... You have 90 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
You also need to understand that a VPS is a virtual server, so many of the chkrootkit tests that are performed on real machines may fail on your VPS.
For example, these binaries may fail the test:
/sbin/insmod /sbin/lsmod /sbin/modprobe
They are not the default ones that come with the OS. Instead, they are modified files made to work on a virtual server.
So what do you do? If you feel someone has hijacked your VPS (or server) at the root level, open a support ticket and ask support to check it for you.
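
To see what is behind a bindshell line like the one shown above, the following added example (not part of the original article) extracts the flagged ports from chkrootkit output and names the process listening on each one. It assumes `ss` from iproute2 is available; the sample `ss` lines and the process names in them are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): name the process that owns each
# port chkrootkit's bindshell test reports as INFECTED.

# Constructed sample data. On a live VPS, substitute the real chkrootkit
# output and the output of `ss -H -ltnp` (as root, so process names appear).
SAMPLE_CHKROOTKIT='Checking bindshell... INFECTED (PORTS: 465)
Checking lkm... You have 90 process hidden for readdir command'
SAMPLE_SS='LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=812,fd=13))
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=812,fd=17))
LISTEN 0 100 [::]:465 [::]:* users:(("master",pid=812,fd=18))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))'

# stdin: chkrootkit output. stdout: one flagged port number per line.
flagged_ports() {
  sed -n 's/.*INFECTED (PORTS:\(.*\)).*/\1/p' |
    tr -s ' ' '\n' | grep -E '^[0-9]+$' | sort -un
}

# stdin: ss output, $1: port. stdout: "port<TAB>process" per distinct listener.
listener_for() {
  awk -v p="$1" '{
    n = split($4, a, ":")             # $4 is local address:port
    if (a[n] != p) next
    name = "unknown (run ss as root)" # no users:(...) column without root
    if (match($0, /users:\(\("[^"]+"/))
      name = substr($0, RSTART + 9, RLENGTH - 10)
    print p "\t" name
  }' | sort -u
}

# $1: chkrootkit output text, $2: ss output text.
triage() {
  for port in $(printf '%s\n' "$1" | flagged_ports); do
    hit=$(printf '%s\n' "$2" | listener_for "$port")
    if [ -n "$hit" ]; then
      printf '%s\n' "$hit"
    else
      printf '%s\tno listener found\n' "$port"
    fi
  done
}

triage "$SAMPLE_CHKROOTKIT" "$SAMPLE_SS"   # prints: 465<TAB>master
```

Port 465 is the SMTPS port, so a mail server you installed yourself showing up as its owner accounts for that line; a flagged port with an unfamiliar owner, or none at all, is the detail to include in the support ticket.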