Hey,
I've been running an algorithm for over a week and a half on my machine, and it seems to keep getting slower. When I check top, I keep seeing weird things popping up here and there, such as xfce-panel, even though this should not be running; these also keep changing the PID number each time they show up. When using top the CPU status indicates that it is running at 100%, but when looking at the processes running the only significant process is my algorithm which is only using 64% of the processor. What gives? Is someone using my machine, and hiding the processes from me? I highly doubt this, but you just never know.
Last edited by statmobile; 04-22-2004 at 11:23 PM.
Disconnect the computer from the network. Then see if this helps. If it does, you have to do some digging. You may want to scan for trojans and rootkits.
The "best" way to check would be to shut down the system, reboot with a bootable cdr like Knoppix, FIRE, PSK, Plan9 and run your filesystem integrity checker (that is, if you installed, configured and ran it and saved at least the databases to read-only media). This way there is nearly no way to circumvent detection. Else please read this first: Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html to make sure you know what to do. Also search the Linux - Security forum for words like "compromise". We've written a lot of advice on checking integrity. Run "rpm -Va", check your passwd, group and shadow files for any users added you can't recognise, then check "last" and "lastlog" to see if any logged in, then check your system logs (the further back the better) for any "weird" lines. Make sure you know what services are running (also see Xinetd) and run "netstat -panel -A inet" to see listening services and the location/PID of the binary and investigate any unusual ones. Run Chkrootkit and Rootkit Hunter. If you're gonna post, please post output if you found anything weird or are unsure if it means something.
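The passwd and shadow review suggested in the reply above, as an added example that is not part of the original thread. The function names, the baseline file of expected account names and all sample accounts are assumptions constructed for illustration; the file paths are arguments so the checks can be pointed at a disk mounted from a rescue CD.

```shell
#!/bin/sh
# Added example: flag accounts worth a second look in passwd/shadow-format files.

# Accounts other than root that have UID 0 (blank lines are ignored).
extra_uid0() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password field in a shadow-format file is empty.
empty_passwords() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Accounts with a usable login shell that are missing from a baseline list
# ($2, one expected name per line; a hypothetical file you maintain yourself).
unknown_login_users() {
    awk -F: -v base="$2" '
        BEGIN { while ((getline name < base) > 0) known[name] = 1 }
        NF >= 7 && $7 !~ /(nologin|false)$/ && !($1 in known) { print $1 }' "$1"
}

# Constructed sample data, not taken from a real system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
statuser:x:500:500::/home/statuser:/bin/bash
toor:x:0:0::/tmp:/bin/sh
ghost:x:501:501::/home/ghost:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$1$constructed$hash:12530:0:99999:7:::
daemon:*:12530:0:99999:7:::
statuser:$1$constructed$hash:12530:0:99999:7:::
toor::12530:0:99999:7:::
ghost:$1$constructed$hash:12530:0:99999:7:::
EOF
printf 'root\nstatuser\n' > "$SAMPLE_DIR/baseline"

echo "UID 0 besides root: $(extra_uid0 "$SAMPLE_DIR/passwd")"
echo "Empty password:     $(empty_passwords "$SAMPLE_DIR/shadow")"
echo "Not in baseline:    $(unknown_login_users "$SAMPLE_DIR/passwd" \
    "$SAMPLE_DIR/baseline" | tr '\n' ' ')"
```

Anything these functions print is a lead to follow up with "last", "lastlog" and the system logs, not proof of a compromise on its own.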