By:

Rootkit warning message - a question

January 5, 2014 1.7k

Hi, Should I be worried about this message from rkhunter? Warning: The following processes are using deleted files: Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7 Many thanks in advance.

2 Answers

kamaln7 MOD January 5, 2014

Process: /usr/sbin/mysqld PID: 723 File: /tmp/ibbHqlhP

That's fine, MySQL writes temporary tables to /tmp.

Process: /usr/bin/python2.7 PID: 8085 File: /usr/bin/python2.7

It seems like the python2.7 executable was replaced—have you upgraded python recently?

paul.alford51 January 5, 2014

Hi Kamil,

No, This is a pretty fresh droplet. Only added mod-security and denyhosts, then rkhunter and clamav (but clam was installed after the rootkit scan).

Have another answer? Share your knowledge.

Share

Share your Question

Rootkit warning message - a question

Leave a Comment

Almost there!

Report a Bug