LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page find proccess appeared
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-23-2014, 05:35 AM   #1
fquiroga
LQ Newbie
 
Registered: Oct 2014
Posts: 2

Rep: Reputation: Disabled
find proccess appeared

Monitoring my server with top in my CentOS 6.4 server and I watch a find proccess with user root, but I didn't executed it and no one else has root acces, in addition, I don't consider an external attack because sshd por is only open form my ip.
 
Old 10-23-2014, 09:47 AM   #2
dubnik
Member
 
Registered: Dec 2006
Location: Slovakia
Distribution: Red Hat
Posts: 48

Rep: Reputation: 1
Hi
write which process you mean.There's many system processess running under root.
 
Old 10-23-2014, 10:35 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by fquiroga View Post
Monitoring my server with top in my CentOS 6.4 server and I watch a find proccess with user root, but I didn't executed it and no one else has root acces,
Try, as root:
Code:
pgrep find|xargs -iX /usr/sbin/lsof -Pwlnp 'X'

Quote:
Originally Posted by fquiroga View Post
in addition, I don't consider an external attack because sshd por is only open form my ip.
...are you saying this machine only provides SSH access? It doesn't run any other services?
 
Old 10-31-2014, 04:22 AM   #4
fquiroga
LQ Newbie
 
Registered: Oct 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Try, as root:
Code:
pgrep find|xargs -iX /usr/sbin/lsof -Pwlnp 'X'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
find 7575 0 cwd DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 rtd DIR 202,1 4096 2 /
find 7575 0 txt REG 202,1 234512 223155 /bin/find
find 7575 0 mem REG 202,1 19536 231431 /lib64/libdl-2.12.so
find 7575 0 mem REG 202,1 142640 231435 /lib64/libpthread-2.12.so
find 7575 0 mem REG 202,1 1921096 231254 /lib64/libc-2.12.so
find 7575 0 mem REG 202,1 122040 231377 /lib64/libselinux.so.1
find 7575 0 mem REG 202,1 596264 231441 /lib64/libm-2.12.so
find 7575 0 mem REG 202,1 43832 231467 /lib64/librt-2.12.so
find 7575 0 mem REG 202,1 154520 231280 /lib64/ld-2.12.so
find 7575 0 0r FIFO 0,8 0t0 67276077 pipe
find 7575 0 1w FIFO 0,8 0t0 67276206 pipe
find 7575 0 2w CHR 1,3 0t0 3662 /dev/null
find 7575 0 3r DIR 202,1 4096 2 /
find 7575 0 4r DIR 202,1 4096 2 /
find 7575 0 5r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 6r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 7r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 8r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 9r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 10r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 11r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 12r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 13r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 14r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 15r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 16r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 17r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 18r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 19r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 20r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 21r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 22r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 23r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 24r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 25r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 26r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 27r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 28r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 29r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 30r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 31r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 32r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 33r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 34r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 35r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 36r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 37r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 38r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 39r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 40r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 41r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 42r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 43r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 44r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 45r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 46r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 47r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 48r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 49r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 50r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 51r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 52r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 53r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 54r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 55r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 56r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 57r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 58r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 59r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 60r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 61r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 62r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 63r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 64r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 65r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 66r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 67r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 68r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 69r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 70r DIR 253,1 377810944 1612 /var/lib/php/session
find 7575 0 71r DIR 253,1 377810944 1612 /var/lib/php/session

There is a lot of more lines like the last ones
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
daemon proccess???? keimasi Linux - General 3 03-17-2011 09:48 AM
Is proccess alive Dreft Linux - General 1 10-30-2009 01:25 PM
Where I can find some material about proccess management of the Slackware? IvanR Slackware 1 05-28-2009 08:57 AM
GNUstep just appeared cjsmith22 Linux - Newbie 1 05-27-2005 11:38 PM
automat proccess juanb Linux - Software 1 12-09-2003 07:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:07 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration