Rkhunter warnings

Discussion in 'Server Operation' started by jcombs_31, Mar 7, 2012.

  1. jcombs_31

    jcombs_31 New Member

    I'm running ISPConfig3 on Squeeze and recently started getting these warnings from RKHunter.

    Warning: The following processes are using deleted files:
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 577 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/sbin/mysqld PID: 1076 File: (deleted)/tmp/ib5yQx0w
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1185 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1680 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1748 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1752 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4022 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4137 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4139 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 4594 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 5232 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 5236 File: (deleted)/var/run/apache2/ssl_mutex
    Process: /usr/sbin/cron PID: 5944 File: (deleted)/tmp/tmpfNmT5sT
    Process: /bin/bash PID: 5948 File: (deleted)/tmp/tmpfNmT5sT
    Process: /bin/bash PID: 5950 File: (deleted)/tmp/tmpfNmT5sT
    Process: /bin/run-parts PID: 5951 File: (deleted)/tmp/tmpfNmT5sT
    Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 31274 File: (deleted)/var/run/apache2/ssl_mutex

    Sure enough, there are no files in /var/run/apache2/.

    At one point it did appear someone was able to hijack some FTP accounts and upload some PHP files. I've cleaned those up and removed the accounts, but this may be some remnants of issues left behind. Any ideas on the best way to clean this up?
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Run
    Code:
    rkhunter --propupd
     
  3. jcombs_31

    jcombs_31 New Member

    Thanks for the reply. I've actually tried that already. Should I see /var/run/apache2/ssl_mutex?
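
Added example, not part of the thread: a small Python triage helper that groups rkhunter's "using deleted files" warning lines (in the format quoted in the first post) by deleted file, then checks on Linux whether a PID still holds that file open via `/proc/<pid>/fd`. The function names `parse_warnings` and `live_deleted_fds` are hypothetical, and the sample input is constructed from a subset of the lines above.

```python
import os
import re
from collections import defaultdict

# Constructed sample: a subset of the warning lines quoted in the first post.
SAMPLE = """\
Warning: The following processes are using deleted files:
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 577 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/sbin/mysqld PID: 1076 File: (deleted)/tmp/ib5yQx0w
Process: /usr/lib/apache2/mpm-prefork/apache2 PID: 1185 File: (deleted)/var/run/apache2/ssl_mutex
Process: /usr/sbin/cron PID: 5944 File: (deleted)/tmp/tmpfNmT5sT
Process: /bin/bash PID: 5948 File: (deleted)/tmp/tmpfNmT5sT
Process: /bin/run-parts PID: 5951 File: (deleted)/tmp/tmpfNmT5sT
"""

LINE_RE = re.compile(
    r"^\s*Process:\s+(?P<exe>\S+)\s+PID:\s+(?P<pid>\d+)\s+File:\s+\(deleted\)(?P<path>.+?)\s*$"
)

def parse_warnings(text):
    """Group warning lines as {deleted_path: {executable: [pids]}}."""
    groups = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # the "Warning:" header and unrelated lines are skipped
            groups[m["path"]][m["exe"]].append(int(m["pid"]))
    return {path: dict(exes) for path, exes in groups.items()}

def live_deleted_fds(pid, proc_root="/proc"):
    """Deleted files a PID still holds open (Linux marks them ' (deleted)')."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    try:
        fds = os.listdir(fd_dir)
    except OSError:  # process has exited, or fd directory is not readable
        return []
    found = []
    for fd in fds:
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:  # descriptor closed between listdir and readlink
            continue
        if target.endswith(" (deleted)"):
            found.append(target[: -len(" (deleted)")])
    return sorted(found)

if __name__ == "__main__":
    for path, exes in parse_warnings(SAMPLE).items():
        for exe, pids in exes.items():
            print(path, exe, pids, [p for p in pids if path in live_deleted_fds(p)])
```

Reading another user's `/proc/<pid>/fd` requires root, so run the live check with the same privileges rkhunter runs with.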
     
