We have reason to believe an online server we have has been compromised and a rootkit installed. When we run chkproc from chkrootkit we get:
# ./chkproc -v
PID 1105(/proc/1105): not in getpriority readdir output
PID 1116(/proc/1116): not in getpriority readdir output
You have 2 process hidden for readdir command
How do we go about finding out more about these hidden processes and removing them?
Any advice welcome.