Hi,

I am running Red Hat Enterprise Linux Server 5.1. I notice that when my server gets slow and the load goes up, there is a bunch of processes call mi_dmonq running. Does anyone know what this process does? I tried to find it online but didn't find anything. Also, I tried to find the binary on the server but find doesn't return anything. Does anyone know what it is?

Thanks.
Victor

As root run '(apropos mi_dmonq; locate mi_dmonq; /usr/bin/pgrep -lf dmonq; /usr/sbin/lsof -Pwln|grep dmonq)|tee /var/tmp/log.txt;' then inspect and attach the plain text file "/var/tmp/log.txt"?

Hi,

Here is the log from the output. It doesn't show much though...

Victor

Attached Files

log.txt (15.2 KB, 35 views)

Sorry for the late reply. Indeed it does not show much. Are you sure you ran the commands as root user? The only process details are they run as root and each have two file descriptors (one for root directory and one for current working directory) both of which are "/". Since the commands run as root ideally you should bring the machine down and operate on the (read-only!) corpse booting a Live CD like the RHEL installer CD, HELIX or KNOPPIX but if this is a remote you at least should
- save output '(w; echo; who; echo last; /bin/netstat -antupe; echo; /usr/sbin/lsof -Pwln; echo; /bin/ps axfwwwe)|tee /var/tmp/log1.txt' off site and proceed to
- shut down all net-facing services (excluding SSH) and
- other non-critical daemons (atd, cron) and
- raise the firewall to exclude all traffic except for your management IP or range in an attempt to stabilize the situation. After that
- copy all logs, including logrotated ones, to a physically different workstation and run them, with the --archives --range All settings, through 'logwatch' in an attempt to find quick clues.
Also have a look at commands from the CERT Intruder Detection Checklist as it never hurts to perform those.