LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-26-2010, 07:58 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
cannot get rid of xterm processes


I had this error when installing and running a vncserver before, which I have now removed. However, the xterm's seem to remain in the system and are regenerating themselves.
Should the pid IDs stay the same each time I run this?

Code:
[root nxserver]# pidof xterm
15034 15033 15032 15031 15030 15029 15028 15027 15026
[root nxserver]# pidof xterm
15044 15043 15042 15041 15040 15039 15038 15037 15036
[root nxserver]# pidof xterm
15054 15053 15052 15051 15050 15049 15048 15047 15046
[root nxserver]#

Just before that I killed the vnc server so not sure what this could be.

Code:
[root nxserver]# /sbin/service vncserver stop
Shutting down VNC server: 1:jason                          [  OK  ]
[root nxserver]# pidof xterm
15010 15008 15006 15004 15002 15000 14998 14995 14994
[root nxserver]# kill -9 14994
-bash: kill: (14994) - No such process
[root nxserver]# pidof xterm
15034 15033 15032 15031 15030 15029 15028 15027 15026
[root nxserver]# pidof xterm
15044 15043 15042 15041 15040 15039 15038 15037 15036
[root nxserver]# pidof xterm
15054 15053 15052 15051 15050 15049 15048 15047 15046

[root nxserver]# pidof vncserver

[root nxserver]# /sbin/service vncserver stop
Shutting down VNC server: 1:jason                          [FAILED]
[root nxserver]#
 
Old 07-26-2010, 09:07 AM   #2
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
I am not too familiar with VNC, but it seems like something is spawning xterms like mad. Unless this is an VNC "feature" I'd consider strengthening your firewall. Temporarily disable VNC in your server and see what happens. This could be failed login attempts or something like that, provided the short life of all these consoles.

Something to research on, just an idea. As said, I have very little experience with VNC. I'm more on the ssh side.
 
Old 07-26-2010, 09:17 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by i92guboj View Post
I am not too familiar with VNC, but it seems like something is spawning xterms like mad. Unless this is an VNC "feature" I'd consider strengthening your firewall. Temporarily disable VNC in your server and see what happens. This could be failed login attempts or something like that, provided the short life of all these consoles.

Something to research on, just an idea. As said, I have very little experience with VNC. I'm more on the ssh side.
VNC is already turned off...

The centos wiki has this, which I'm sure it's linked to but having turned off VNC, shouldn;t this code also be cancelled?
Code:
#!/bin/sh
# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
WIKI: http://wiki.centos.org/HowTos/VNC-Server

Last edited by qwertyjjj; 07-26-2010 at 09:20 AM.
 
Old 07-26-2010, 09:21 AM   #4
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
Maybe it's time to shut down all the remote services, cut all the ports using iptables and run clamav, rkhunter and chkrootkit. Provided that you can be sure that no one is spawning them locally.
 
Old 07-26-2010, 09:44 AM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by i92guboj View Post
Maybe it's time to shut down all the remote services, cut all the ports using iptables and run clamav, rkhunter and chkrootkit. Provided that you can be sure that no one is spawning them locally.
It's not a virus, well I can't be certain but it started when I ran the script above, I just don't know how to stop it.
 
Old 07-26-2010, 05:19 PM   #6
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
Then you should be using something like "ps axjf" to print the ps tree and kill the parent.
 
Old 07-26-2010, 07:39 PM   #7
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Not sure if there is a parent, they all seem isolated?

Code:
    1 25486 25456 25456 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
25486 22038 25456 25456 ?           -1 S     1001   0:00  \_ xterm
    1 25787 25787 25787 ?           -1 Ss       0   0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
    1 25828 22202 22202 ?           -1 Sl       0   0:00 /usr/libexec/gdm-rh-security-token-helper
    1 26542 26542 26542 ?           -1 Ss    1001   0:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 14 --session
    1 26561 26542 26542 ?           -1 S     1001   0:00 /usr/libexec/gnome-vfs-daemon
    1 28699 28666 28666 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
28699 22039 28666 28666 ?           -1 S     1001   0:00  \_ xterm
    1 29463 29429 29429 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
29463 22021 29429 29429 ?           -1 S     1001   0:00  \_ xterm
    1 30213 30177 30177 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
30213 22044 30177 30177 ?           -1 S     1001   0:00  \_ xterm
    1 32585 32540 32540 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
32585 22012 32540 32540 ?           -1 S     1001   0:00  \_ xterm
    1   650   650   650 ?           -1 Ss    1001   0:00 /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session
    1   676   650   650 ?           -1 S     1001   0:00 /usr/libexec/gnome-vfs-daemon
    1  1336  1283  1283 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
 1336 22008  1283  1283 ?           -1 S     1001   0:00  \_ xterm
    1  1615  1536  1536 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
 1615 22045  1536  1536 ?           -1 S     1001   0:00  \_ xterm
    1  4234  4190  4190 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
 4234 22011  4190  4190 ?           -1 S     1001   0:00  \_ xterm
    1  4301  4301  4301 ?           -1 Ssl   1001   0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=16
    1 12474 12428 12428 ?           -1 S     1001   0:01 /bin/sh /home/jason/.vnc/xstartup
12474 22009 12428 12428 ?           -1 S     1001   0:00  \_ xterm
    1 12514 12428 12428 ?           -1 S     1001   0:00 /usr/libexec/gconfd-2 5
Code:
[root ~]# pidof xterm
22446 22445 22444 22443 22437 22426 22421 22418 22417
[root ~]# pidof xterm
22487 22486 22480 22479 22446 22445 22444 22443 22437
[root ~]# pidof xterm
22491 22487 22486 22480 22479 22446 22445 22444 22443
[root ~]# pidof xterm
22491 22487 22486 22480 22479 22446 22445 22444 22443
[root ~]#
[root ~]# pidof xterm
22503 22502 22491 22487 22486 22480 22479 22446 22445
[root ~]#

Last edited by qwertyjjj; 07-26-2010 at 07:40 PM.
 
Old 07-27-2010, 01:19 AM   #8
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
According to ps they all are sons of processes spawned by this command line:

Code:
/bin/sh /home/jason/.vnc/xstartup
I guess that's an VNC startup file. There are many of such processes. "Why" ~/.vnc/xstartup is being ran a thousand times is the question we should be trying to answer. All of them belong to UID 1001, which usually is an unprivileged (regular) user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting rid of the ascii art text when you open an Xterm in Linux Mint Clived Linux Mint 3 12-08-2009 04:38 PM
XTerm(241) support for truetype fonts and method of changing XTerm font. ajassat Linux - Software 2 08-19-2009 01:01 PM
xterm - howto lauch an xterm into a specific directory jobano Linux - Software 8 02-26-2008 04:18 PM
how is black xterm background in IceWM when issue a xterm command? BRAHmS Linux - Software 1 02-14-2005 04:51 AM
How to get rid of zombie processes ugge Linux - General 3 10-01-2001 10:09 AM


All times are GMT -5. The time now is 05:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration