Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
05-25-2005, 03:49 PM
|
#1
|
Member
Registered: Aug 2004
Location: New York
Posts: 63
Rep:
|
Zombie Process
Code:
top - 15:47:15 up 9 days, 14:09, 2 users, load average: 0.72, 0.41, 0.18
Tasks: 64 total, 1 running, 62 sleeping, 0 stopped, 1 zombie
Cpu(s): 13.0% us, 0.7% sy, 0.0% ni, 86.4% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 246692k total, 236092k used, 10600k free, 26968k buffers
Swap: 0k total, 0k used, 0k free, 49668k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3388 root 15 -1 89740 73m 5164 S 10.6 30.5 189:14.76 X
12705 root 16 0 22364 10m 8500 S 3.0 4.5 0:03.21 gnome-terminal
12712 root 16 0 1956 1052 836 R 0.3 0.4 0:00.64 top
1 root 16 0 480 80 52 S 0.0 0.0 0:00.76 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.42 ksoftirqd/0
4 root 5 -10 0 0 0 S 0.0 0.0 0:03.62 events/0
5 root 5 -10 0 0 0 S 0.0 0.0 0:00.02 khelper
17 root 14 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
119 root 5 -10 0 0 0 S 0.0 0.0 0:02.81 kblockd/0
133 root 15 0 0 0 0 S 0.0 0.0 0:00.59 khubd
239 root 15 0 0 0 0 S 0.0 0.0 0:01.47 pdflush
241 root 9 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
240 root 16 0 0 0 0 S 0.0 0.0 0:15.00 kswapd0
832 root 17 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
869 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 ata/0
873 root 16 0 0 0 0 S 0.0 0.0 0:00.00 khpsbpkt
883 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pccardd
928 root 15 0 0 0 0 S 0.0 0.0 0:06.31 kjournald
1047 root 7 -10 1376 204 124 S 0.0 0.1 0:00.05 udevd
1984 root 16 0 1444 308 216 S 0.0 0.1 0:00.10 syslogd
1987 root 16 0 1380 264 192 S 0.0 0.1 0:00.02 klogd
1990 root 19 0 1540 364 168 S 0.0 0.1 0:00.00 cardmgr
2931 root 6 -10 1404 320 244 S 0.0 0.1 0:00.01 dhcpcd
3182 root 16 0 1500 356 272 S 0.0 0.1 0:00.06 crond
3184 daemon 16 0 1508 308 220 S 0.0 0.1 0:00.00 atd
3188 root 18 0 1380 248 172 S 0.0 0.1 0:00.00 acpid
3213 root 15 0 3580 1480 156 S 0.0 0.6 0:00.25 bash
3222 root 16 0 1376 236 164 S 0.0 0.1 0:00.00 agetty
3223 root 16 0 1376 236 164 S 0.0 0.1 0:00.00 agetty
3224 root 16 0 1376 236 164 S 0.0 0.1 0:00.00 agetty
3225 root 16 0 1376 236 164 S 0.0 0.1 0:00.00 agetty
3282 root 16 0 1376 236 164 S 0.0 0.1 0:00.00 agetty
3375 root 25 0 2408 440 152 S 0.0 0.2 0:00.01 startx
How do i get rid of that zombie process? Is my computer being used for a zombie bot? Is that what that means?
|
|
|
05-25-2005, 06:56 PM
|
#2
|
Senior Member
Registered: Nov 2002
Location: British Columbia, Canada
Distribution: Gentoo x86_64; FreeBSD; OS X
Posts: 3,764
Rep:
|
A zombie process is nothing to worry about. It is not _any_ sort of security issue. I dug this up on google, it explains a zombie process better than I could:
http://www.ale.org/archive/ale/ale-1.../msg00394.html
|
|
|
05-26-2005, 11:05 PM
|
#3
|
Member
Registered: Aug 2004
Location: New York
Posts: 63
Original Poster
Rep:
|
Thank you very much. I have one more question, as you see in that copy of my pc's statistics i have two users running on my pc. What i need to find out is who is the other user. When i type "users" i get "root root" twice. Is there any way for me to figure out why i have two root accounts running? I had installed clamav a couple of days back but i assumed that the group would be named clamav (installed using a .tgz file) Any ideas?
|
|
|
05-26-2005, 11:14 PM
|
#4
|
Member
Registered: Mar 2004
Location: Jakarta
Posts: 164
Rep:
|
a zombie process is an uncleaned proccess on your system......
due to maybe a program bug........
a zombie process have 'Z' ,not 'S' or 'R' state.
I can't see it on your 'top' post......
|
|
|
05-29-2005, 12:41 AM
|
#5
|
Senior Member
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440
Rep:
|
Quote:
Is there any way for me to figure out why i have two root accounts running?
|
Type 'w' and see what they are running.
Jrlz,
He sees 'zombie' here:
Tasks: 64 total, 1 running, 62 sleeping, 0 stopped, 1 zombie
But yes, none of the processes are in a 'Z'ombie state. So I'm wondering how top is picking that up.
-twantrd
|
|
|
05-29-2005, 02:48 AM
|
#6
|
Member
Registered: Aug 2004
Location: New York
Posts: 63
Original Poster
Rep:
|
Code:
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 16May05 13days 6:38m 0.01s /bin/sh /usr/X1
root pts/0 :0 02:46 1.00s 0.01s 0.00s w
Thats what i get when i type the "w" command.
|
|
|
09-14-2007, 12:14 AM
|
#7
|
LQ Newbie
Registered: Jul 2005
Location: Mumbai/India
Distribution: RedHat & SUSE
Posts: 2
Rep:
|
Quote:
Originally Posted by N|k0N
Code:
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 16May05 13days 6:38m 0.01s /bin/sh /usr/X1
root pts/0 :0 02:46 1.00s 0.01s 0.00s w
Thats what i get when i type the "w" command.
|
The first user which is logged on to 'tty1' is the shell from where you had initially logged on in a non-gui mode or runlevel 3 and it is from here that you have gone into gui mode or runlevel 5 by using some command say 'startx' as in linux.
The second terminal is the 'pts/0' which is normally used by the gui mode to open a separate session for the user to log in again in the gui mode. When you will log out of the gui mode it will again take you the terminal 'tty1' and then after issuing the command 'w' will show you on only one user i.e. the first one.
If you want to go to 'tty1' from the gui mode without logging out from the gui mode you can use the key combination 'Ctrl+Alt+F1'.
Last edited by ansarimuzaffar; 09-14-2007 at 12:18 AM.
|
|
|
09-14-2007, 05:54 PM
|
#8
|
Member
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Rep: 
|
Quote:
Originally Posted by JrLz
a zombie process is an uncleaned proccess on your system......
due to maybe a program bug........
a zombie process have 'Z' ,not 'S' or 'R' state.
I can't see it on your 'top' post......
|
A zombie process is a process in which it's parent process has died or was stopped manually and immediately (kill -9 comes to mind). It usually occurs when a parent process doesn't stop cleanly.
I don't think it has anything to do with bugs.
The link that bulliver provides isn't working for me (dunno if others here are having the same issue), so here's another definition:
A zombie process doesn't react to signals because it's not really a process at all- it's just what's left over after it died. What's supposed to happen is that its parent process was to issue a "wait()" to collect the information about its exit. If the parent doesn't (programming error or just bad programming), you get a zombie. The zombie will go away if its parent dies- it will be "adopted" by init which will do the wait()- so if you see one hanging about, check its parent; if it is init, it will be gone soon, if not the only recourse is to kill the parent..which you may or may not want to do. -- from http://aplawrence.com/SCOFAQ/FAQ_scotec6cantkill.html
|
|
|
09-22-2007, 03:01 AM
|
#9
|
Member
Registered: Sep 2007
Posts: 42
Rep:
|
use the 'who' command to see who is logged in and if they are logged in from a local console or from a remote host.
also, to see if you have any zombie processes, use 'ps -aux'. if you see a 'Z' in the STAT column, then that process is zombied. not a big deal unless you have many.
|
|
|
All times are GMT -5. The time now is 12:21 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|