Confused
Nitin
nitinmehta at kappa.net.in
Mon Jul 12 09:45:43 UTC 2004
Hi,
I'm really very confused about the problem. Since the last time I installed fresh RedHat 7.2 on my web server, following processes are continuously added to the list of processes.
15306 ? S 0:00 CROND
15475 ? T 0:00 awk -v progname=/etc/cron.daily/00webalizer progname
15476 ? Z 0:00 [awk <defunct>]
15608 ? T 0:00 /bin/awk
15612 ? Z 0:00 [awk <defunct>]
22661 ? S 0:00 CROND
22705 ? Z 0:00 [mail <defunct>]
26429 ? T 0:00 hostname
26430 ? Z 0:00 [hostname <defunct>]
28572 ? T 0:00 awk -v progname=/etc/cron.daily/rpm progname {?????
28573 ? Z 0:00 [awk <defunct>]
28588 ? T 0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
28591 ? Z 0:00 [awk <defunct>]
28654 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
28655 ? Z 0:00 [awk <defunct>]
28713 ? T 0:00 /bin/awk
28714 ? Z 0:00 [awk <defunct>]
28880 ? T 0:00 awk -v progname=/etc/cron.daily/sysstat progname {???
28882 ? Z 0:00 [awk <defunct>]
28887 ? T 0:00 awk -v progname=/etc/cron.daily/tmpwatch progname {??
28898 ? Z 0:00 [awk <defunct>]
30744 ? S 0:00 CROND
30936 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
30937 ? Z 0:00 [awk <defunct>]
30949 ? T 0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
30954 ? Z 0:00 [awk <defunct>]
30957 ? T 0:00 chmod 0700 /tmp/makewhatisqKjtJ3
30959 ? Z 0:00 [chmod <defunct>]
31042 ? T 0:00 /bin/awk
31043 ? Z 0:00 [awk <defunct>]
2795 ? T 0:00 chmod +r /etc/webmin/version
2799 ? Z 0:00 [chmod <defunct>]
2895 ? S 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/we
3083 ? S 0:00 /usr/libexec/webmin/mysql/view_table.cgi
3087 ? Z 0:00 [sh <defunct>]
3089 ? T 0:00 hostname
3090 ? Z 0:00 [hostname <defunct>]
6567 ? S 0:00 CROND
6759 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
6760 ? Z 0:00 [awk <defunct>]
6942 ? T 0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
6944 ? Z 0:00 [awk <defunct>]
15306 ? S 0:00 CROND
15475 ? T 0:00 awk -v progname=/etc/cron.daily/00webalizer progname
15476 ? Z 0:00 [awk <defunct>]
15608 ? T 0:00 /bin/awk
15612 ? Z 0:00 [awk <defunct>]
22661 ? S 0:00 CROND
22705 ? Z 0:00 [mail <defunct>]
26429 ? T 0:00 hostname
26430 ? Z 0:00 [hostname <defunct>]
28572 ? T 0:00 awk -v progname=/etc/cron.daily/rpm progname {?????
28573 ? Z 0:00 [awk <defunct>]
28588 ? T 0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
28591 ? Z 0:00 [awk <defunct>]
28654 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
28655 ? Z 0:00 [awk <defunct>]
28713 ? T 0:00 /bin/awk
28714 ? Z 0:00 [awk <defunct>]
28880 ? T 0:00 awk -v progname=/etc/cron.daily/sysstat progname {???
28882 ? Z 0:00 [awk <defunct>]
28887 ? T 0:00 awk -v progname=/etc/cron.daily/tmpwatch progname {??
28898 ? Z 0:00 [awk <defunct>]
30744 ? S 0:00 CROND
30936 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
30937 ? Z 0:00 [awk <defunct>]
30949 ? T 0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
30954 ? Z 0:00 [awk <defunct>]
30957 ? T 0:00 chmod 0700 /tmp/makewhatisqKjtJ3
30959 ? Z 0:00 [chmod <defunct>]
31042 ? T 0:00 /bin/awk
31043 ? Z 0:00 [awk <defunct>]
2795 ? T 0:00 chmod +r /etc/webmin/version
2799 ? Z 0:00 [chmod <defunct>]
2895 ? S 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/we
3083 ? S 0:00 /usr/libexec/webmin/mysql/view_table.cgi
3087 ? Z 0:00 [sh <defunct>]
3089 ? T 0:00 hostname
3090 ? Z 0:00 [hostname <defunct>]
6567 ? S 0:00 CROND
6759 ? T 0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
6760 ? Z 0:00 [awk <defunct>]
6942 ? T 0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
6944 ? Z 0:00 [awk <defunct>]
21919 ? S 0:00 CROND
22086 ? T 0:00 awk -v progname=/etc/cron.daily/00webalizer progname
22088 ? Z 0:00 [awk <defunct>]
22124 ? T 0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
22126 ? Z 0:00 [awk <defunct>]
22168 ? T 0:00 /bin/awk
22172 ? Z 0:00 [awk <defunct>]
21919 ? S 0:00 CROND
22086 ? T 0:00 awk -v progname=/etc/cron.daily/00webalizer progname
22088 ? Z 0:00 [awk <defunct>]
22124 ? T 0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
22126 ? Z 0:00 [awk <defunct>]
22168 ? T 0:00 /bin/awk
22172 ? Z 0:00 [awk <defunct>]
I didnt see these processes earlier. There are some "chmod" also in it. Is it being compromised?
PS I've applied all the relevant patches after installing OS (at least that's what I think)
Please help me....Also please guide me to something where I can learn about security measures needed for a web server.
Thanks in advance
More information about the redhat-list
mailing list