[K12OSN] makedev processes lots of
Nils Breunese
nils at breun.nl
Mon Apr 23 08:55:06 UTC 2007
Barry Cisna wrote:
> On one of our K12LTSP servers at the middle school which is a remote
> location from were I am at, I have noticed lots of 'makedev' processes
> always running as of late. I also noticed that this server has been
> accessed by an unknown/unauthorized IP address. I've run rkhunter
> on this
> daily and of course it is showing the checksums are not correct now:(.
Are you running the latest version of rkhunter and did you try the
steps mentioned under "Problems running Rootkit Hunter?" on http://
rkhunter.sourceforge.net/ ? There are some issues regarding
prelinking and SELinux that can get you false positives.
> If I do a' killall makedev ' the proceses still are shown running
> in top.
> When i do a ' ps aux | grep makedev ' nothing is shown running. I m
> assuming this runs ' at kernel level'?..dduuhh not sure.
Note that the binary is called MAKEDEV and not makedev. By default
grep is case-sensitive. You could use grep's -i switch (for case-
insensitive) or look for MAKEDEV instead.
> Ive also done a few netstat commands to try and figure out what is
> spawning the makedev
> processes. Anyone have any thoughts on this? Don't have a clue here.
> K12ltsp v 4.4.1
Like 'man MAKEDEV' says: "MAKEDEV is a program that will create the
devices in /dev used to interface with drivers in the kernel." I
don't think a lot of MAKEDEV processes should be running during
normal operation, probably only during boot time?
Nils Breunese.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: Dit deel van het bericht is digitaal ondertekend
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070423/20bf2064/attachment.sig>
More information about the K12OSN
mailing list