#vi proc
#!/bin/bash
chkproc="/data/chkrootkit-0.48/chkproc"
PIDS=$($chkproc -v | grep "PID" | grep "/" | awk -F"(" '{print$1}'| awk '{print $2}')
for PID in $(echo $PIDS)
do
echo -n "PID[$PID]"
ls -al /proc/$PID | grep exe | awk '{print "exe -> "$11}'
done
#chmod 750 proc
[root@reyad chkrootkit-0.48]# ./proc
PID[1923]exe -> /sbin/mdmpd
PID[2398]exe -> /usr/bin/dbus-daemon-1
[root@reyad chkrootkit-0.48]# ./chkproc -v
PID 1923(/proc/1923): not in readdir output
PID 1923: not in ps output
PID 2398(/proc/2398): not in readdir output
PID 2398: not in ps output
You have 2 process hidden for readdir command
You have 2 process hidden for ps command
[root@reyad chkrootkit-0.48]#
chkproc -v ̿ ϸ PID ʴ μ Ȯ Ҽ ִ.
