Does this make sense?


Subject: Does this make sense?
From: Mike Mellor (mmellor1@yahoo.com)
Date: Fri Aug 23 2002 - 06:19:35 AKDT


I got up this morning and found a whole bunch of stuff going on with my
computer that I don't think I asked it to do. I checked the last couple
of chkrootkit messages and nothing looks out of place. Here's what was
running:

  PID TTY STAT TIME COMMAND
    1 ? S 0:04 init
    2 ? SW 0:00 [keventd]
    3 ? SW 0:00 [kapm-idled]
    4 ? SWN 0:00 [ksoftirqd_CPU0]
    5 ? SW 0:43 [kswapd]
    6 ? SW 0:00 [bdflush]
    7 ? SW 0:01 [kupdated]
    8 ? SW 0:00 [khubd]
    9 ? SW 0:05 [kjournald]
  464 ? S 0:04 syslogd -m 0
  469 ? S 0:05 klogd -2
  545 ? S 0:00 xinetd -stayalive -reuse -pidfile
/var/run/xinetd.pid
  569 ? S 0:00 lpd Waiting
 1674 ? S 0:00 /opt/win4lin/bin/vnetd
 1726 ? S 0:00 crond
 1780 ? S 1:50 xfs -droppriv -daemon
 1816 ? S 0:00 /usr/sbin/atd
 1823 ? SW 0:00 [scsi_eh_1]
 1893 tty1 S 0:00 /sbin/mingetty tty1
 1894 tty2 S 0:00 /sbin/mingetty tty2
 1895 tty3 S 0:00 /sbin/mingetty tty3
 1896 tty4 S 0:00 /sbin/mingetty tty4
 1897 tty5 S 0:00 /sbin/mingetty tty5
 1898 tty6 S 0:00 /sbin/mingetty tty6
 1899 ? S 0:00 /usr/bin/gdm -nodaemon
 1908 ? S 0:00 /usr/bin/gdm -nodaemon
 1909 ? S 68:37 /etc/X11/X :0 -auth /var/gdm/:0.Xauth
 1921 ? S 1:04 icewm
 1956 ? S 0:29 xscreensaver
 2995 ? S 0:00 /usr/local/sbin/x10bot -l /home/mike/tclbot.log
17415 ? S 0:00 /bin/sh /usr/bin/mysqld_safe
--datadir=/var/lib/mysql
17438 ? S 0:00 /usr/sbin/mysqld --basedir=/ --datadir=.
ar/lib/mysql
17440 ? S 0:00 /usr/sbin/mysqld --basedir=/ --datadir=.
ar/lib/mysql
17441 ? S 0:00 /usr/sbin/mysqld --basedir=/ --datadir=.
ar/lib/mysql
17601 ? S 0:02 /usr/bin/perl /usr/libexec/webmin/miniserv.pl
/etc/we
23584 ? S 0:00 smbd -D
23589 ? S 0:00 nmbd -D
 1541 ? S 0:00 gda-default-srv
--oaf-activate-iid=OAFIID:GNOME_GDA_P
22335 ? SW 0:01 [usb-storage-0]
22336 ? SW 0:00 [scsi_eh_2]
24186 ? S 0:00 CROND
24187 ? S 0:00 /bin/bash /usr/bin/run-parts /etc/cron.daily
24625 ? S 0:00 aterm -tr -sh 45 -rv
24626 pts/2 S 0:00 bash
24656 pts/2 S 0:00 su -
24660 pts/2 S 0:00 -bash
24708 pts/2 S 0:10 gtop
24710 ? S 0:00 esd -terminate -nobeeps -as 2 -spawnfd 4
24715 ? SN 0:00 /bin/sh /etc/cron.daily/slocate.cron
24716 ? S 0:00 awk -v progname=/etc/cron.daily/slocate.cron
progname
24717 ? S 0:00 /usr/sbin/sendmail -FCronDaemon -i -odi -oem root
24719 ? RN 0:22 /usr/bin/updatedb -f
NFS,SMBFS,NCPFS,PROC,DEVPTS -e /
24729 ? S 0:00 aterm -tr -sh 45 -rv
24730 pts/3 S 0:00 bash
24760 pts/3 R 0:00 ps ax

My concern starts with CROND (not crond) at 24186, and continues down to
sendmail at 24717. I use cron, but I don't know what's going on with
CROND. Do I have a problem here, or is one of the servers (mysql, smb)
doing this?

Thanks.

Mike
