slocate-attack ???

Post by Egon » Sat, 16 Sep 2000 04:00:00



First of all, thanks for reading this.
I can't find answers in any HOWTO about these questions.
Can someone help?

On a Linux system (RedHat 6.1) I have some processes I can't kill.
It is the slocate process started from crond;
there are about 20 processes that can't be stopped
by any kill, even with SIGKILL as the signal.
What is it? Can it be an attack?

 
 
 

Post by Wayne Polloc » Sat, 16 Sep 2000 04:00:00



> First of all, thanks for reading this.
> I can't find answers in any HOWTO about these questions.
> Can someone help?

> On a Linux system (RedHat 6.1) I have some processes I can't kill.
> It is the slocate process started from crond;
> there are about 20 processes that can't be stopped
> by any kill, even with SIGKILL as the signal.
> What is it? Can it be an attack?

Most likely you were not root when you tried to kill the
processes.  Only root can kill processes that don't belong to
the current user.

Less likely but possible is that the processes are already dead,
actually "zombie" processes.  Not all zombies will be identified
as such when running ps.  Such processes are not actually
running anymore, and the process table entry will be cleaned
up when you reboot.

A last possibility is that the process was started by init via
"respawn".  You can check /etc/inittab to see if this was the problem.

-Wayne Pollock
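
A way to check the first two causes listed above from `ps` output, added here as an example and not part of the original post. It also reports uninterruptible sleep (state `D`), which the post does not mention; the function names `triage` and `sample` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify why processes named $1 ignore kill, as seen by
# user $2. Reads "PID PPID USER STAT COMMAND" rows on stdin, i.e. the
# output of: ps -eo pid,ppid,user,stat,comm
triage() {
    awk -v name="$1" -v me="$2" '
    $5 == name {
        state = substr($4, 1, 1)        # first letter of STAT is the state
        if (state == "Z")
            why = "zombie: already dead, parent " $2 " has not reaped it"
        else if (state == "D")
            why = "uninterruptible sleep: SIGKILL is delivered when the I/O wait ends"
        else if ($3 != me && me != "root")
            why = "owned by " $3 ": only root or the owner may signal it"
        else
            why = "signalable: kill should work"
        print $1 ": " why
    }'
}

# Constructed sample rows (not taken from the original thread).
sample() {
    cat <<'EOF'
  PID  PPID USER     STAT COMMAND
  412     1 root     S    crond
 9001   412 root     D    slocate
 9002   412 root     Z    slocate
 9003   412 root     R    slocate
 9004   700 egon     S    slocate
EOF
}

# Live use: ps -eo pid,ppid,user,stat,comm | triage slocate "$(id -un)"
sample | triage slocate egon
```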

 
 
 

Post by Chris Ahlstro » Sat, 16 Sep 2000 04:00:00



> First of all, thanks for reading this.
> I can't find answers in any HOWTO about these questions.
> Can someone help?

> On a Linux system (RedHat 6.1) I have some processes I can't kill.
> It is the slocate process started from crond;
> there are about 20 processes that can't be stopped
> by any kill, even with SIGKILL as the signal.
> What is it? Can it be an attack?

Run the "top" app from the command line.  It'll give you a
"tab of processes" and try to count zombie processes.

Chris

--
[X] Check here to always trust content from Chris
[ ] Check here to accept charges from Microsoft

 
 
 

Post by David Efflan » Sun, 17 Sep 2000 11:29:12



>First of all, thanks for reading this.
>I can't find answers in any HOWTO about these questions.
>Can someone help?

>On a Linux system (RedHat 6.1) I have some processes I can't kill.
>It is the slocate process started from crond;
>there are about 20 processes that can't be stopped
>by any kill, even with SIGKILL as the signal.
>What is it? Can it be an attack?

It means that you are up too late, or too early.  If this happens at
around 4:00 AM, it is just the cron.daily running /usr/bin/updatedb, so
your 'locate' command (officially slocate) has a current list of files.

Try:  locate locate

--

http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/  http://cgi-help.virtualave.net/

 
 
 
