LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 05-25-2005, 02:49 PM   #1
N|k0N
Member
 
Registered: Aug 2004
Location: New York
Posts: 63

Rep: Reputation: 15
Zombie Process


Code:
top - 15:47:15 up 9 days, 14:09,  2 users,  load average: 0.72, 0.41, 0.18
Tasks:  64 total,   1 running,  62 sleeping,   0 stopped,   1 zombie
Cpu(s): 13.0% us,  0.7% sy,  0.0% ni, 86.4% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:    246692k total,   236092k used,    10600k free,    26968k buffers
Swap:        0k total,        0k used,        0k free,    49668k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 3388 root      15  -1 89740  73m 5164 S 10.6 30.5 189:14.76 X
12705 root      16   0 22364  10m 8500 S  3.0  4.5   0:03.21 gnome-terminal
12712 root      16   0  1956 1052  836 R  0.3  0.4   0:00.64 top
    1 root      16   0   480   80   52 S  0.0  0.0   0:00.76 init
    2 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0
    3 root      34  19     0    0    0 S  0.0  0.0   0:00.42 ksoftirqd/0
    4 root       5 -10     0    0    0 S  0.0  0.0   0:03.62 events/0
    5 root       5 -10     0    0    0 S  0.0  0.0   0:00.02 khelper
   17 root      14 -10     0    0    0 S  0.0  0.0   0:00.00 kacpid
  119 root       5 -10     0    0    0 S  0.0  0.0   0:02.81 kblockd/0
  133 root      15   0     0    0    0 S  0.0  0.0   0:00.59 khubd
  239 root      15   0     0    0    0 S  0.0  0.0   0:01.47 pdflush
  241 root       9 -10     0    0    0 S  0.0  0.0   0:00.00 aio/0
  240 root      16   0     0    0    0 S  0.0  0.0   0:15.00 kswapd0
  832 root      17   0     0    0    0 S  0.0  0.0   0:00.00 kseriod
  869 root       6 -10     0    0    0 S  0.0  0.0   0:00.00 ata/0
  873 root      16   0     0    0    0 S  0.0  0.0   0:00.00 khpsbpkt
  883 root      15   0     0    0    0 S  0.0  0.0   0:00.00 pccardd
  928 root      15   0     0    0    0 S  0.0  0.0   0:06.31 kjournald
 1047 root       7 -10  1376  204  124 S  0.0  0.1   0:00.05 udevd
 1984 root      16   0  1444  308  216 S  0.0  0.1   0:00.10 syslogd
 1987 root      16   0  1380  264  192 S  0.0  0.1   0:00.02 klogd
 1990 root      19   0  1540  364  168 S  0.0  0.1   0:00.00 cardmgr
 2931 root       6 -10  1404  320  244 S  0.0  0.1   0:00.01 dhcpcd
 3182 root      16   0  1500  356  272 S  0.0  0.1   0:00.06 crond
 3184 daemon    16   0  1508  308  220 S  0.0  0.1   0:00.00 atd
 3188 root      18   0  1380  248  172 S  0.0  0.1   0:00.00 acpid
 3213 root      15   0  3580 1480  156 S  0.0  0.6   0:00.25 bash
 3222 root      16   0  1376  236  164 S  0.0  0.1   0:00.00 agetty
 3223 root      16   0  1376  236  164 S  0.0  0.1   0:00.00 agetty
 3224 root      16   0  1376  236  164 S  0.0  0.1   0:00.00 agetty
 3225 root      16   0  1376  236  164 S  0.0  0.1   0:00.00 agetty
 3282 root      16   0  1376  236  164 S  0.0  0.1   0:00.00 agetty
 3375 root      25   0  2408  440  152 S  0.0  0.2   0:00.01 startx
How do I get rid of that zombie process? Is my computer being used for a zombie bot? Is that what that means?
 
Old 05-25-2005, 05:56 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
A zombie process is nothing to worry about. It is not _any_ sort of security issue. I dug this up on Google; it explains a zombie process better than I could:
http://www.ale.org/archive/ale/ale-1.../msg00394.html
 
Old 05-26-2005, 10:05 PM   #3
N|k0N
Member
 
Registered: Aug 2004
Location: New York
Posts: 63

Original Poster
Rep: Reputation: 15
Thank you very much. I have one more question: as you see in that copy of my PC's statistics, I have two users running on my PC. What I need to find out is who the other user is. When I type "users" I get "root root" twice. Is there any way for me to figure out why I have two root accounts running? I had installed clamav a couple of days back but I assumed that the group would be named clamav (installed using a .tgz file). Any ideas?
 
Old 05-26-2005, 10:14 PM   #4
JrLz
Member
 
Registered: Mar 2004
Location: Jakarta
Posts: 164

Rep: Reputation: 30
A zombie process is an uncleaned process on your system......
due to maybe a program bug........
A zombie process has 'Z', not 'S' or 'R' state.
I can't see it on your 'top' post......
 
Old 05-28-2005, 11:41 PM   #5
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
Quote:
Is there any way for me to figure out why i have two root accounts running?
Type 'w' and see what they are running.

Jrlz,

He sees 'zombie' here:
Tasks: 64 total, 1 running, 62 sleeping, 0 stopped, 1 zombie

But yes, none of the processes are in a 'Z'ombie state. So I'm wondering how top is picking that up.

-twantrd
 
Old 05-29-2005, 01:48 AM   #6
N|k0N
Member
 
Registered: Aug 2004
Location: New York
Posts: 63

Original Poster
Rep: Reputation: 15
Code:
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                16May05 13days  6:38m  0.01s /bin/sh /usr/X1
root     pts/0    :0               02:46    1.00s  0.01s  0.00s w
That's what I get when I type the "w" command.
 
Old 09-13-2007, 11:14 PM   #7
ansarimuzaffar
LQ Newbie
 
Registered: Jul 2005
Location: Mumbai/India
Distribution: RedHat & SUSE
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by N|k0N
Code:
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                16May05 13days  6:38m  0.01s /bin/sh /usr/X1
root     pts/0    :0               02:46    1.00s  0.01s  0.00s w
That's what I get when I type the "w" command.
The first user, which is logged on to 'tty1', is the shell from where you initially logged on in non-GUI mode (runlevel 3), and it is from here that you went into GUI mode (runlevel 5) by using some command, say 'startx', as in Linux.

The second terminal is 'pts/0', which is normally used by the GUI mode to open a separate session for the user to log in again in the GUI mode. When you log out of the GUI mode it will again take you to the terminal 'tty1', and then issuing the command 'w' will show you only one user, i.e. the first one.

If you want to go to 'tty1' from the GUI mode without logging out of the GUI mode, you can use the key combination 'Ctrl+Alt+F1'.

Last edited by ansarimuzaffar; 09-13-2007 at 11:18 PM.
 
Old 09-14-2007, 04:54 PM   #8
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by JrLz
A zombie process is an uncleaned process on your system......
due to maybe a program bug........
A zombie process has 'Z', not 'S' or 'R' state.
I can't see it on your 'top' post......
A zombie process is a process in which its parent process has died or was stopped manually and immediately (kill -9 comes to mind). It usually occurs when a parent process doesn't stop cleanly.

I don't think it has anything to do with bugs.

The link that bulliver provides isn't working for me (dunno if others here are having the same issue), so here's another definition:

A zombie process doesn't react to signals because it's not really a process at all- it's just what's left over after it died. What's supposed to happen is that its parent process was to issue a "wait()" to collect the information about its exit. If the parent doesn't (programming error or just bad programming), you get a zombie. The zombie will go away if its parent dies- it will be "adopted" by init which will do the wait()- so if you see one hanging about, check its parent; if it is init, it will be gone soon, if not the only recourse is to kill the parent..which you may or may not want to do. -- from http://aplawrence.com/SCOFAQ/FAQ_scotec6cantkill.html
 
Old 09-22-2007, 02:01 AM   #9
jdiggitydogg
Member
 
Registered: Sep 2007
Posts: 42

Rep: Reputation: 15
Use the 'who' command to see who is logged in and if they are logged in from a local console or from a remote host.

Also, to see if you have any zombie processes, use 'ps -aux'. If you see a 'Z' in the STAT column, then that process is zombied. Not a big deal unless you have many.
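
Added example (not part of any post in this thread): posts #8 and #9 suggest looking for a 'Z' in the STAT column and then checking the zombie's parent. The function below does both in one pass over `ps`-style input; the function name `zombie_report` and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# zombie_report: read lines of "PID PPID STAT COMMAND" on stdin and list
# every zombie together with the parent that has not wait()ed for it.
# Live usage:  ps -eo pid=,ppid=,stat=,comm= | zombie_report
zombie_report() {
    awk '
    {
        pid = $1; ppid[pid] = $2; stat[pid] = $3
        # COMMAND may contain spaces (e.g. "sh <defunct>"): rebuild it.
        name = $4
        for (i = 5; i <= NF; i++) name = name " " $i
        comm[pid] = name
        order[++n] = pid
    }
    END {
        for (k = 1; k <= n; k++) {
            pid = order[k]
            # STAT can carry modifiers ("Z+", "Zs"), so test the first letter.
            if (substr(stat[pid], 1, 1) != "Z") continue
            p = ppid[pid]
            pname = (p in comm) ? comm[p] : "?"
            if (p + 0 == 1)
                hint = "adopted by init, will be reaped shortly"
            else
                hint = "parent has not called wait()"
            printf "zombie pid=%s (%s) parent pid=%s (%s): %s\n", \
                   pid, comm[pid], p, pname, hint
            found++
        }
        printf "%d zombie(s) found\n", found + 0
    }'
}

# Constructed sample process list (illustrative, not taken from the thread).
SAMPLE='    1     0 Ss   init
 3213     1 Ss   bash
 3375  3213 S    startx
 3388  3375 S<   X
12705  3388 Sl   gnome-terminal
12790 12705 Z    sh <defunct>
12800     1 Z+   helper'

printf '%s\n' "$SAMPLE" | zombie_report
```

Because it reads the full process table rather than one screen of `top`, it also finds a zombie that `top` counts in its summary line but that falls below the visible part of the list.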
 
  


All times are GMT -5. The time now is 05:18 AM.
