Is it unusual to have 6 instances of mingetty running?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it unusual to have 6 instances of mingetty running?
So my fedora linux box is experiencing some slowdown under high traffic. I ran 'top' and noticed that there are six instances of mingetty running which got me thinking my machine might be compromised or something.
Is this typical? Do I really need to have mingetty instances running? I login via ssh frequently.
AlucardZero is correct. Those are normal. However, you do not have to keep all 6. I usually remove all but 2 of them. I leave 1 and 2 just for grins just in case I hose my X configuration and for other command-line stuff.
You can remove unneeded ones by editing your /etc/inittab file. You would remove the runlevel number by the entries that you dont want to start.
Saying it's normal is just a generic explanation. It might not reflect the actual situation. Next time you think something is compromised you will want to verify the running process is benign. For that you can check the location of the binary in /proc/$PID/exe (link to filesystem) and compare the hash of running 'md5sum' or 'sha1sum' against the /proc/$PID/exe against what your distro's package manager reports (if it has that capability), or use a file integrity checker like Aide, Samhain or even tripwire, Tiger (new version 3.2.2 out last august) or Rootkit Hunter (new 1.3.0 version only).
I watched the mail log for a bit and the machine seems fine. It's been up for 462 days now and there doesn't seem to be any extra mail traffic so I think it's ok.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.