Hi,
Should I be worried about this message from rkhunter?
Warning: The following processes are using deleted files: Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7
Many thanks in advance.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi Kamil, <br> <br>No, This is a pretty fresh droplet. Only added mod-security and denyhosts, then rkhunter and clamav (but clam was installed after the rootkit scan).
<pre>Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP </pre> <br>That’s fine, MySQL writes temporary tables to /tmp. <br><pre>Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7</pre> <br>It seems like the python2.7 executable was replaced—have you upgraded python recently?