LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-10-2017, 11:42 PM   #1
andrew.46
Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 825

Rep: Reputation: 163Reputation: 163
Huge CPU utilisation: yam


Running Slackware -current 64bit multilib over the last few days I have been finding periods of 100% CPU utilisation without any intervention on my behalf.

'Top' shows the process is called 'yam' which I confess leaves me none the wiser although it is easily ended with 'kill'.

Can anybody shed light on this?
 
Old 08-10-2017, 11:52 PM   #2
bassmadrigal
Senior Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 4,101

Rep: Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071
Looks like yam might be a miner.

If you didn't install anything to mine something like bitcoins, then your machine might be compromised and you should at minimum reset all your passwords.
 
1 members found this post helpful.
Old 08-10-2017, 11:56 PM   #3
andrew.46
Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 825

Original Poster
Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by bassmadrigal View Post
Looks like yam might be a miner.

If you didn't install anything to mine something like bitcoins, then your machine might be compromised and you should at minimum reset all your passwords.
Odd, I have installed nothing like this. Is the following on your system:
Code:
root@illium/home/andrew# find /usr -iname yam
/usr/src/linux-4.9.40/firmware/yam
Although I suspect that this is simply a similar name...
 
Old 08-11-2017, 12:15 AM   #4
RadicalDreamer
Member
 
Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 319

Rep: Reputation: 145Reputation: 145
Code:
yam.ko
	

Yam amateur radio modem driver
?
https://wiki.debian.org/Firmware
 
Old 08-11-2017, 12:21 AM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 15,715

Rep: Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120Reputation: 2120
modinfo will tell you the same - even on my Fedora. I'd be betting on bassmadrigal guess.
What does "which yam" return ?.
 
1 members found this post helpful.
Old 08-11-2017, 12:45 AM   #6
andrew.46
Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 825

Original Poster
Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by syg00 View Post
What does "which yam" return ?.
No yam on the system:
Code:
andrew@illium~$ which yam
which: no yam in (/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin:/usr/share/texmf/bin:/home/andrew/bin)
andrew@illium~$
But the module is clear enough:

Code:
root@illium/home/andrew# modinfo yam
filename:       /lib/modules/4.9.40/kernel/drivers/net/hamradio/yam.ko
firmware:       yam/9600.bin
firmware:       yam/1200.bin
license:        GPL
description:    Yam amateur radio modem driver
author:         Frederic Rible F1OAT frible@teaser.fr
depends:        ax25
intree:         Y
vermagic:       4.9.40 SMP mod_unload 
root@illium/home/andrew#

Last edited by andrew.46; 08-11-2017 at 12:47 AM.
 
Old 08-11-2017, 12:50 AM   #7
bassmadrigal
Senior Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 4,101

Rep: Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071
syg00's suggestion would've been my next one. What is the output of which yam, or even locate yam (if locate yam provides too many files, you can pipe the output to grep and just search for lines that end in yam: locate yam | grep yam$ )? If those don't yield anything fruitful, you can try finding the commandline used to run that program the next time it pops up. Just find the process ID (PID) of it and then run the following (replacing $PID with the PID number of yam):

Code:
cat /proc/$PID/cmdline
@RadicalDreamer, it is unlikely this is related to the firmware since there is not an executable called yam included within Slackware. It is likely something that was added after installation. Plus, firmware or modules themselves shouldn't run a program, just load the pertinent info into the system.

EDIT: If locate doesn't work, you may need to update the database by running updatedb as root.

Last edited by bassmadrigal; 08-11-2017 at 12:52 AM.
 
2 members found this post helpful.
Old 08-11-2017, 09:59 PM   #8
andrew.46
Member
 
Registered: Oct 2007
Distribution: Slackware
Posts: 825

Original Poster
Rep: Reputation: 163Reputation: 163
No further issues although I have changed my SSH port from a foolish 22 to something a little more difficult to guess. I am wondering what my chances are that this was some sort of attack over a weak SSH setup?

My knowledge of Slackware security seems to be foolishly low but this will be changing...
 
Old 08-12-2017, 11:53 AM   #9
RadicalDreamer
Member
 
Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 319

Rep: Reputation: 145Reputation: 145
Thanks for the explanation bassmadrigal!

andrew.46 check out lynis for some ideas: http://slackbuilds.org/repository/14.../?search=lynis

https://www.linux.com/learn/advanced...ips-and-tricks
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
High CPU utilisation on Xorg when fsck is running aeternitas Linux - Software 2 04-20-2010 01:26 AM
CPU utilisation - IS THIS EQUATION CORRECT chamila1986 Programming 3 03-10-2010 11:37 AM
[SOLVED] High cpu utilisation for X process in -current rpedrica Slackware 4 09-21-2009 09:08 AM
cpu utilisation Moore Linux - General 2 06-25-2006 09:26 AM
Utilisation of CPU and Disks overview tool saavik Solaris / OpenSolaris 2 01-31-2003 07:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration