Question

Rootkit warning message - a question

Posted January 5, 2014 2.7k views
Hi, Should I be worried about this message from rkhunter? Warning: The following processes are using deleted files: Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7 Many thanks in advance.
Add a comment
paul.alford51
By:
paul.alford51

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
kamaln7 January 5, 2014 
Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP

That's fine, MySQL writes temporary tables to /tmp. 
Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7

It seems like the python2.7 executable was replaced—have you upgraded python recently?
Reply Report
paul.alford51 January 5, 2014
Hi Kamil,

No, This is a pretty fresh droplet. Only added mod-security and denyhosts, then rkhunter and clamav (but clam was installed after the rootkit scan).
Reply Report

Looking for something else?

Ask a new question Search for more help