top command services
Hello LQ user,
Below is the result of the top command. The service showing with "k" is not understood by me. Does that command exist? What is this command's function?
  PID USER   PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+ COMMAND
14426 root   18   0 32984  988  196 S 27.0  0.1  10411:13 kvnujuvdfa
19171 apache 16   0  558m  95m 5600 S  1.7  5.9   1:00.54 httpd
 2850 root   15   0 31496  272  176 S  0.3  0.0  25:22.64 gvwkfefbil
15837 root   15   0 92304 3772 2996 S  0.3  0.2   0:00.45 sshd
24423 root   15   0 12868 1220  836 R  0.3  0.1   0:00.80 top
    1 root   15   0 10356  600  572 S  0.0  0.0   1:28.89 init
    2 root   RT  -5     0    0    0 S  0.0  0.0   0:06.39 migration/0
    3 root   34  19     0    0    0 S  0.0  0.0   0:00.18 ksoftirqd/0
    4 root   RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
    5 root   RT  -5     0    0    0 S  0.0  0.0   0:03.33 migration/1
    6 root   34  19     0    0    0 S  0.0  0.0   0:00.14 ksoftirqd/1
    7 root   RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/1
    8 root   RT  -5     0    0    0 S  0.0  0.0   0:03.52 migration/2
    9 root   34  19     0    0    0 S  0.0  0.0   0:00.08 ksoftirqd/2
   10 root   RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/2
   11 root   10  -5     0    0    0 S  0.0  0.0   0:01.27 events/0
   12 root   10  -5     0    0    0 S  0.0  0.0   0:00.29 events/1
   13 root   10  -5     0    0    0 S  0.0  0.0   0:00.13 events/2
   14 root   10  -5     0    0    0 S  0.0  0.0   0:02.51 khelper
   29 root   10  -5     0    0    0 S  0.0  0.0   0:00.05 kthread
   35 root   10  -5     0    0    0 S  0.0  0.0   0:00.48 kblockd/0
   36 root   10  -5     0    0    0 S  0.0  0.0   0:07.04 kblockd/1
   37 root   10  -5     0    0    0 S  0.0  0.0   0:01.33 kblockd/2
   38 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
  152 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 cqueue/0
  153 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 cqueue/1
  154 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 cqueue/2
  157 root   10  -5     0    0    0 S  0.0  0.0   0:00.00 khubd
  159 root   10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
  248 root   10  -5     0    0    0 S  0.0  0.0   8:19.73 kswapd0
  249 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
  250 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 aio/1
  251 root   15  -5     0    0    0 S  0.0  0.0   0:00.00 aio/2
  394 root   11  -5     0    0    0 S  0.0  0.0   0:00.00 kpsmoused
  434 root   10  -5     0    0    0 S  0.0  0.0   0:00.00 ata/0
  435 root   12  -5     0    0    0 S  0.0  0.0   0:00.00 ata/1
|
kvnujuvdfa (and gvwkfefbil)
> 14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa
Code:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
Looks like: http://superuser.com/questions/87789...random-command
(I web-searched: linux cpu process with random name )
Try: rkhunter *MAYBE*. Investigate further.
Can 'the internet' access this system?
|
It does look suspiciously malware-like...
Does it perform any network connections? Or is it listening on ports? Try Quote:
|
Code:
ps -aux
|
"k" signifies kernel, I think.
http://lxr.free-electrons.com/source....27;a=blackfin
http://lxr.free-electrons.com/source.../kmod.c?v=3.15
and others at http://lxr.free-electrons.com/search?v=4.5
Doesn't look like malware to me. I've seen those processes before. I utilize a ~/.toprc so I don't see 'em running "top" as is.
Code:
RCfile for "top with windows" # shameless braggin'
|
Sorry:
When you said "service showing with 'k'", all I saw was "kthread and friends", and sometimes I miss the obvious.
kvnujuvdfa is PID: 14426
gvwkfefbil is PID: 2580
Code:
lsof -p <pid>
Code:
top -p <pid>
Pressing q|Q in top should leave result on the terminal. I favor pidof -p <pid> because it shows me what files the <pid> has open. In this case, they're both started by "root" process, so I have concerns. Usually suspects are in /tmp/ and/or /var/tmp/ and lsof -p <pid> may indicate the entry point for that process. rkhunter at this time may exacerbate the situation. Sorry about that, and thanks Jjanel for bringing it to my attention.
|
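Added example (not part of any post in this thread): a shell sketch of the triage the replies describe, separating kernel threads from ordinary root processes by the memory columns of top, then checking where a PID's executable lives through /proc. The function names and the "(deleted)" check are assumptions of this example; the two sample lines are copied from the top output in the first post.

```shell
#!/bin/sh
# Sample lines copied from the top output in the first post.
SAMPLE_SUSPECT='14426 root 18 0 32984 988 196 S 27.0 0.1 10411:13 kvnujuvdfa'
SAMPLE_KSWAPD='248 root 10 -5 0 0 0 S 0.0 0.0 8:19.73 kswapd0'

# Classify one top line (PID USER PR NI VIRT RES SHR S ...).
# Kernel threads own no user-space memory, so VIRT, RES and SHR are all 0;
# a name starting with "k" proves nothing on its own.
classify_top_line() {
    echo "$1" | {
        read -r _pid _user _pr _ni virt res shr state _rest
        if [ "$state" = "Z" ]; then
            echo "zombie"            # exited process, memory already released
        elif [ "$virt" = "0" ] && [ "$res" = "0" ] && [ "$shr" = "0" ]; then
            echo "kernel-thread"
        else
            echo "userland"
        fi
    }
}

# Flag executable paths worth a closer look: the scratch directories named
# in the thread, or (an addition of this example) a binary unlinked after start.
exe_is_suspicious() {
    case "$1" in
        /tmp/*|/var/tmp/*|*" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Live check of one PID via /proc (run as root to read other users' processes).
triage_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "pid $pid: not running"; return 2; }
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null)
    if [ -z "$exe" ]; then
        echo "pid $pid: no exe link (kernel thread, or no permission)"
        return 0
    fi
    cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null)
    cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
    echo "pid $pid: exe=$exe cwd=$cwd cmdline=$cmd"
    if exe_is_suspicious "$exe"; then
        echo "pid $pid: executable location needs investigation"
        return 1
    fi
}

# Usage: sh triage.sh 14426 2850
for p in "$@"; do triage_pid "$p" || true; done
```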