Confused

Nitin nitinmehta at kappa.net.in
Mon Jul 12 09:45:43 UTC 2004


Hi,

I'm really very confused about the problem. Since the last time I installed a fresh RedHat 7.2 on my web server, the following processes are continuously added to the list of processes.

15306 ?        S      0:00 CROND
15475 ?        T      0:00 awk -v progname=/etc/cron.daily/00webalizer progname 
15476 ?        Z      0:00 [awk <defunct>]
15608 ?        T      0:00 /bin/awk
15612 ?        Z      0:00 [awk <defunct>]
22661 ?        S      0:00 CROND
22705 ?        Z      0:00 [mail <defunct>]
26429 ?        T      0:00 hostname
26430 ?        Z      0:00 [hostname <defunct>]
28572 ?        T      0:00 awk -v progname=/etc/cron.daily/rpm progname {?????  
28573 ?        Z      0:00 [awk <defunct>]
28588 ?        T      0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
28591 ?        Z      0:00 [awk <defunct>]
28654 ?        T      0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
28655 ?        Z      0:00 [awk <defunct>]
28713 ?        T      0:00 /bin/awk
28714 ?        Z      0:00 [awk <defunct>]
28880 ?        T      0:00 awk -v progname=/etc/cron.daily/sysstat progname {???
28882 ?        Z      0:00 [awk <defunct>]
28887 ?        T      0:00 awk -v progname=/etc/cron.daily/tmpwatch progname {??
28898 ?        Z      0:00 [awk <defunct>]
30744 ?        S      0:00 CROND
30936 ?        T      0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
30937 ?        Z      0:00 [awk <defunct>]
30949 ?        T      0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
30954 ?        Z      0:00 [awk <defunct>]
30957 ?        T      0:00 chmod 0700 /tmp/makewhatisqKjtJ3
30959 ?        Z      0:00 [chmod <defunct>]
31042 ?        T      0:00 /bin/awk
31043 ?        Z      0:00 [awk <defunct>]
 2795 ?        T      0:00 chmod +r /etc/webmin/version
 2799 ?        Z      0:00 [chmod <defunct>]
 2895 ?        S      0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/we
 3083 ?        S      0:00 /usr/libexec/webmin/mysql/view_table.cgi
 3087 ?        Z      0:00 [sh <defunct>]
 3089 ?        T      0:00 hostname
 3090 ?        Z      0:00 [hostname <defunct>]
 6567 ?        S      0:00 CROND
 6759 ?        T      0:00 awk -v progname=/etc/cron.daily/logrotate progname {?
 6760 ?        Z      0:00 [awk <defunct>]
 6942 ?        T      0:00 awk -v progname=/etc/cron.daily/slocate.cron progname
 6944 ?        Z      0:00 [awk <defunct>]
21919 ?        S      0:00 CROND
22086 ?        T      0:00 awk -v progname=/etc/cron.daily/00webalizer progname 
22088 ?        Z      0:00 [awk <defunct>]
22124 ?        T      0:00 awk -v progname=/etc/cron.daily/makewhatis.cron progn
22126 ?        Z      0:00 [awk <defunct>]
22168 ?        T      0:00 /bin/awk
22172 ?        Z      0:00 [awk <defunct>]




I didn't see these processes earlier. There are some "chmod" also in it. Is it being compromised?



PS I've applied all the relevant patches after installing OS (at least that's what I think)



Please help me... Also, please guide me to something where I can learn about security measures needed for a web server.



Thanks in advance



More information about the redhat-list mailing list