Hi Robert, Hi List,

I've found some information about initsys: www.giac.org/practical/Edmo_Filho_GCIH.doc says: "initsys is a session hijacking tool that can be remotely connected by using another session hijacking tool called Hunt."

Mike Wanning

-----Original Message-----
From: Robert Schelander [mailto:rschelander@aon.at]
Sent: Monday, 2 June 2003 02:57
To: suse-security@suse.com
Subject: [suse-security] initsys prozess / rootkit? trojan?

Does someone know what this 'initsys' process is good for? I've never seen it on any of my systems before. Could it be part of a rootkit? I found the binary in /usr/bin/initsys

thanks in advance
Robert

USER   PID %CPU %MEM  VSZ  RSS TTY STAT START TIME COMMAND
root     1  0.2  0.0  448   64 ?   S    01:05 0:07 init [5]
root     2  0.0  0.0    0    0 ?   SW   01:05 0:00 [keventd]
root     3  0.0  0.0    0    0 ?   SW   01:05 0:00 [kapmd]
root     4  0.0  0.0    0    0 ?   SWN  01:05 0:00 [ksoftirqd_CPU0]
root     5  0.0  0.0    0    0 ?   SW   01:05 0:00 [kswapd]
root     6  0.0  0.0    0    0 ?   SW   01:05 0:00 [bdflush]
root     7  0.0  0.0    0    0 ?   SW   01:05 0:00 [kupdated]
root    10  0.0  0.0    0    0 ?   SW<  01:05 0:00 [mdrecoveryd]
root    14  0.0  0.0    0    0 ?   DW   01:05 0:00 [hpt_wt]
root    15  0.0  0.0    0    0 ?   SW   01:05 0:00 [kreiserfsd]
root    23  0.0  0.2 1312  332 ?   S    01:05 0:00 initsys
root   256  0.0  0.5 1840  640 ?   S    01:05 0:00 /usr/sbin/apmd
root   410  0.0  0.5 1408  640 ?   S    01:05 0:00 /sbin/syslogd
root   413  0.0  0.8 1904 1116 ?   S    01:05 0:00 /sbin/klogd -c 1
root   449  0.0  0.0    0    0 ?   SW   01:05 0:00 [khubd]
bin    693  0.0  0.3 1344  404 ?   S    01:05 0:00 /sbin/portmap
.....