
Re: [K12OSN] makedev processes lots of

Barry Cisna wrote:

On one of our K12LTSP servers at the middle school which is a remote
location from where I am at, I have noticed lots of 'makedev' processes
always running as of late. I also noticed that this server has been
accessed by an unknown/unauthorized IP address. I've run rkhunter on this
daily and of course it is showing the checksums are not correct now:(.

Are you running the latest version of rkhunter and did you try the steps mentioned under "Problems running Rootkit Hunter?" on http://rkhunter.sourceforge.net/ ? There are some issues regarding prelinking and SELinux that can get you false positives.

If I do a 'killall makedev' the processes still are shown running in top.
When I do a 'ps aux | grep makedev' nothing is shown running. I'm
assuming this runs 'at kernel level'?..dduuhh not sure.

Note that the binary is called MAKEDEV and not makedev. By default grep is case-sensitive. You could use grep's -i switch (for case-insensitive) or look for MAKEDEV instead.

I've also done a few netstat commands to try and figure out what is spawning the makedev
processes. Anyone have any thoughts on this? Don't have a clue here.
K12ltsp v 4.4.1

Like 'man MAKEDEV' says: "MAKEDEV is a program that will create the devices in /dev used to interface with drivers in the kernel." I don't think a lot of MAKEDEV processes should be running during normal operation, probably only during boot time?

Nils Breunese.
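
An added example, not part of the original messages: a shell helper that matches a process name case-insensitively, as the reply suggests, and prints each match's chain of parent processes from `ps -eo pid,ppid,comm` output, which shows what started it. The function name `trace_parents` and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# trace_parents NAME: read "PID PPID COMMAND" rows on stdin (the layout of
# `ps -eo pid,ppid,comm`), match NAME case-insensitively against COMMAND,
# and print each match followed by its parents, nearest first.
trace_parents() {
    awk -v pat="$1" '
        $1 ~ /^[0-9]+$/ {            # skip the header row
            ppid[$1] = $2
            comm[$1] = $3
            order[++n] = $1
        }
        END {
            want = tolower(pat)
            for (i = 1; i <= n; i++) {
                pid = order[i]
                if (index(tolower(comm[pid]), want) == 0) continue
                line = comm[pid] "(" pid ")"
                p = ppid[pid]; hops = 0
                # walk upward until the parent is not in the table;
                # the hop limit guards against a malformed, cyclic table
                while ((p in comm) && hops++ < 64) {
                    line = line " <- " comm[p] "(" p ")"
                    if (p == ppid[p]) break
                    p = ppid[p]
                }
                print line
            }
        }'
}

# Constructed sample process table, so the example runs offline.
SAMPLE_PS='  PID  PPID COMMAND
    1     0 init
 2101     1 crond
 2950  2101 sh
 2951  2950 MAKEDEV
 3001     1 sshd
 3050  3001 bash'

printf '%s\n' "$SAMPLE_PS" | trace_parents makedev
```

On a live system the input would come from `ps -eo pid,ppid,comm | trace_parents makedev`.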
