Does directadmin have hidden processes?

Chrysalis

I ran chkrootkit on a machine that recently rebooted itself and got this.

Checking `lkm'... You have 17 process hidden for ps command
Warning: Possible LKM Trojan installed

This also looks suspect:

bind named 373 4 udp4 *:49152 *:*

I then ran chkrootkit on my test directadmin box and got this

Checking `lkm'... You have 24 process hidden for ps command
Warning: Possible LKM Trojan installed

But no unusual open ports this time.

I ran chkrootkit on all my other servers without directadmin on and got no hidden processes, so right now I am trying to diagnose whether my 2 servers have been exploited or not.
 
The linux_base-8 port creates some hidden processes; I found the relevant files inside /usr/compat/linux/proc. It was nothing to do with directadmin; it just happened that my 2 directadmin servers were the only ones that had this port installed.
 
Chrysalis said:
The linux_base-8 port creates some hidden processes; I found the relevant files inside /usr/compat/linux/proc. It was nothing to do with directadmin; it just happened that my 2 directadmin servers were the only ones that had this port installed.

Thanks for the info. I'm sure it will help someone else with a similar question in the future.

Kind Regards,
Onno Vrijburg
 