[K12OSN] makedev processes lots of

Nils Breunese nils at breun.nl
Mon Apr 23 08:55:06 UTC 2007

Barry Cisna wrote:

> On one of our K12LTSP servers at the middle school which is a remote
> location from were I am at, I have noticed lots of 'makedev' processes
> always running as of late. I also noticed that this server has been
> accessed by an unknown/unauthorized IP address. I've run rkhunter  
> on this
> daily and of course it is showing the checksums are not correct now:(.

Are you running the latest version of rkhunter and did you try the  
steps mentioned under "Problems running Rootkit Hunter?" on http:// 
rkhunter.sourceforge.net/ ? There are some issues regarding  
prelinking and SELinux that can get you false positives.

> If I do a' killall makedev ' the proceses still are shown running  
> in top.
> When i do a ' ps aux | grep makedev ' nothing is shown running. I m
> assuming this runs ' at kernel level'?..dduuhh not sure.

Note that the binary is called MAKEDEV and not makedev. By default  
grep is case-sensitive. You could use grep's -i switch (for case- 
insensitive) or look for MAKEDEV instead.

> Ive also done a few netstat commands to try and figure out what is  
> spawning the makedev
> processes. Anyone have any thoughts on this? Don't have a clue here.
> K12ltsp v 4.4.1

Like 'man MAKEDEV' says: "MAKEDEV is a program that will create the  
devices in /dev used to interface with drivers in the kernel." I  
don't think a lot of MAKEDEV processes should be running during  
normal operation, probably only during boot time?

Nils Breunese.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: Dit deel van het bericht is digitaal ondertekend
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070423/20bf2064/attachment.sig>

More information about the K12OSN mailing list