LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-05-2007, 12:11 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Rep: Reputation: 78
Is it unusual to have 6 instances of mingetty running?


So my fedora linux box is experiencing some slowdown under high traffic. I ran 'top' and noticed that there are six instances of mingetty running which got me thinking my machine might be compromised or something.

Is this typical? Do I really need to have mingetty instances running? I login via ssh frequently.
 
Old 09-05-2007, 12:45 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
No, that's normal. It's for the six TTYs (ctrl+alt+F1-6 at the local machine).
 
Old 09-05-2007, 01:40 PM   #3
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
AlucardZero is correct. Those are normal. However, you do not have to keep all 6. I usually remove all but 2 of them. I leave 1 and 2 just for grins just in case I hose my X configuration and for other command-line stuff.

You can remove unneeded ones by editing your /etc/inittab file. You would remove the runlevel number by the entries that you dont want to start.

Hope this helps
 
Old 09-06-2007, 12:32 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Saying it's normal is just a generic explanation. It might not reflect the actual situation. Next time you think something is compromised you will want to verify the running process is benign. For that you can check the location of the binary in /proc/$PID/exe (link to filesystem) and compare the hash of running 'md5sum' or 'sha1sum' against the /proc/$PID/exe against what your distro's package manager reports (if it has that capability), or use a file integrity checker like Aide, Samhain or even tripwire, Tiger (new version 3.2.2 out last august) or Rootkit Hunter (new 1.3.0 version only).
 
Old 09-06-2007, 01:41 PM   #5
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Thanks!

I watched the mail log for a bit and the machine seems fine. It's been up for 462 days now and there doesn't seem to be any extra mail traffic so I think it's ok.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ps -A reveals two instances of gdm running adityavpratap Ubuntu 3 07-09-2007 11:31 AM
Unusual TCP Packets when running Linux kellinjar Linux - Networking 0 05-23-2006 01:37 AM
Why are multiple instances of mysqld running? philpq Linux - Newbie 2 02-17-2005 03:01 PM
number of running instances hk_linux Programming 0 01-05-2005 11:47 PM
9 httpd instances running!?? jlinden Linux - Newbie 2 09-17-2003 11:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration