LinuxQuestions.org


nasmii 10-28-2012 11:10 PM

Hugh Number if <user>@notty processors
 
Hi team,

I'm new to this forum.

In my Linux system I found thousands of processors running, as below:

<username> 32709 32653 0 Oct19 ? 00:00:00 sshd: <username>@notty
<username> 32711 32675 0 Oct17 ? 00:00:00 sshd: <username>@notty
<username> 32716 32709 0 Oct19 ? 00:00:00 /usr/lib64/ssh/sftp-server

We were able to remove them by killing the process.

I would like to know the reason why this many processors start on my server.

Thank you,
ID

nasmii 10-28-2012 11:33 PM

Hugh Number of <user>@notty processors
 
Correction in Subject : Hugh Number if <user>@notty processors


shivaa 10-29-2012 10:44 AM

It seems some user <username> is logged in on this system from host notty.
Did you try the following?
Quote:

pkill -9 -u <username>

nasmii 10-29-2012 11:30 AM

Thank you shivaa for the reply.

I was able to remove the processors.
Can anyone help me find out the reason for these processors and how I can avoid the same issue again?
Initially there were a few thousand with the same process.

Thank you,

sundialsvcs 10-29-2012 11:39 AM

It might do well to move this to the Security subforum, but in the meanwhile, here are a few suggestions...

Look at the various system logs in /var/log. Do you know very well what this computer is supposed to be doing? Is there any reason that you can think of for this kind of login to be legitimate? If so, it's possible that these are hanging-sessions that are not being cleared up. Maybe they are being initiated by a (let us presume, "legitimate") programmed script, somewhere else, that has a bug in it. ("It doesn't get the response it's looking for, so it tries again. But it doesn't clean up its own mess.") It's pretty unreasonable to think of any person generating this kind of volume, but it's also difficult to imagine an intruder creating such a massive amount of noise, unless he were somehow (and crudely) attempting some weird DOS attack. A "bug" sounds likely to me.

Language notes:

"hugh" should be "huge." "processors" in this case should be "processes" or "sessions."

shivaa 10-29-2012 11:47 AM

These were obviously not zombie or orphan processes; rather, they were because of "ssh" commands initiated by some user <username>, who was logged in on your local system and had done a "ssh <username>@notty" to access the notty system using ssh.
All those processes were sessions (i.e. terminals) opened many times by that user. He logged in from your system and didn't close those terminals or login sessions. That's why you found a lot of such processes. You can ask users to limit their sessions and always close/log off from terminals after they finish their work, else you'll close it.
FYI, pkill kills the processes of the specified user, and -9 is the signal passed to those processes. Read more in "man kill".
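
Added example, not part of any post in this thread: a shell sketch that reads `ps -ef` output like the listing in the first post, lists each `sshd: <user>@notty` session with the child process it spawned (matched by PPID), and counts sessions per user. The function names and the sample users alice and bob are made up for the example.

```shell
#!/bin/sh
# Constructed sample in `ps -ef` format (UID PID PPID C STIME TTY TIME CMD);
# user names, PIDs and dates are invented for this example.
sample_ps() {
cat <<'EOF'
root      1200     1  0 Oct01 ?        00:00:02 /usr/sbin/sshd
root     32653  1200  0 Oct19 ?        00:00:00 sshd: alice [priv]
alice    32709 32653  0 Oct19 ?        00:00:00 sshd: alice@notty
alice    32716 32709  0 Oct19 ?        00:00:00 /usr/lib64/ssh/sftp-server
root     32675  1200  0 Oct17 ?        00:00:00 sshd: alice [priv]
alice    32711 32675  0 Oct17 ?        00:00:00 sshd: alice@notty
root     40100  1200  0 Oct20 ?        00:00:00 sshd: bob [priv]
bob      40102 40100  0 Oct20 pts/0    00:00:00 sshd: bob@pts/0
bob      40103 40102  0 Oct20 pts/0    00:00:00 -bash
EOF
}

# sshd titles a session process "sshd: user@notty" when no terminal was
# allocated for it. Read `ps -ef` output on stdin and print, per such session:
#   user  pid  start  child-command   ("-" when the session has no child)
notty_sessions() {
    awk '
        { user[NR] = $1; pid[NR] = $2; ppid[NR] = $3; start[NR] = $5
          cmd[NR] = $8; for (i = 9; i <= NF; i++) cmd[NR] = cmd[NR] " " $i }
        END {
            # Remember one child command per parent PID.
            for (n = 1; n <= NR; n++) child[ppid[n]] = cmd[n]
            for (n = 1; n <= NR; n++)
                if (cmd[n] ~ /^sshd: .*@notty$/)
                    print user[n], pid[n], start[n], \
                          ((pid[n] in child) ? child[pid[n]] : "-")
        }'
}

# Count no-tty sessions per user, busiest first.
notty_counts() {
    notty_sessions | awk '{ c[$1]++ } END { for (u in c) print c[u], u }' | sort -rn
}

# On a live host: ps -ef | notty_sessions ; ps -ef | notty_counts
sample_ps | notty_sessions
sample_ps | notty_counts
```

The start column shows how long each session has been sitting there, and the child column shows what it was opened for, which can then be matched against the sshd entries in the logs under /var/log.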

