Trying to detect hidden processes …Done.
Scanning /dev/mem for signatures. This may take a while …
Did not find any sign of a LKM rootkit.
Let's hide a process and see what happens:
[root@RHEL4 determine]# ava i 1557
Checking for adore 0.12 or higher …
Adore 1.54 installed. Good luck.
Made PID 1557 invisible.
Check again:
[root@RHEL4 determine]# ./determine
deter-mine LKM rootkit detector. (C) 2004 Stealth
Trying to detect hidden processes …
Process with PID 1557 does not have a appropriate /proc entry. Hidden?Done.
Scanning /dev/mem for signatures. This may take a while …
Unusual behaivior has been detected. Please consult the removal chapter of the README-file. <-- detected
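An added example, not part of the original post and not code from deter-mine or chkrootkit: one way to run the cross-check that the "does not have a appropriate /proc entry" message points at, comparing the PIDs listed in /proc with the PIDs the kernel answers for when probed with signal 0. The function names are made up for this sketch, and it assumes the hiding module filters only the /proc listing and leaves kill() alone.

```python
import errno
import os

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing of /proc (the view ps relies on)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def pid_exists(pid):
    """Ask the kernel directly: signal 0 delivers nothing, it only checks the PID."""
    try:
        os.kill(pid, 0)
    except OSError as e:
        return e.errno == errno.EPERM  # exists, but owned by another user
    return True

def leader_of(pid, proc="/proc"):
    """Thread group leader (Tgid) of pid, or None if its status file is unreadable."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def find_hidden(listed, alive, tgid_of):
    """PIDs that answer signal 0 but are missing from the /proc listing.
    Thread IDs are never listed either, so skip those whose leader is visible."""
    hidden = []
    for pid in sorted(alive - listed):
        leader = tgid_of(pid)
        if leader not in (None, pid) and leader in listed:
            continue  # ordinary thread of a visible process
        hidden.append(pid)
    return hidden

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    before = listed_pids()
    alive = {p for p in range(1, pid_max + 1) if pid_exists(p)}
    listed = before | listed_pids()  # tolerate processes started mid-scan
    for pid in find_hidden(listed, alive, leader_of):
        if pid_exists(pid):  # drop short-lived processes that already exited
            print(f"PID {pid} answers signal 0 but is not listed in /proc")
```

A clean result only says the two views agree; a module that also filters kill() would pass this check, which is why deter-mine additionally scans /dev/mem for signatures.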
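2. chkrootkit
chkrootkit-0.46a can detect that a process has been hidden.
3. rkhunter
rkhunter-1.2.8 does not even check for hidden processes, so why call it a "hunter"? That said, it is quite thorough in other respects.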