From: Garrett Cooper <youshi10@u.washington.edu>
To: freebsd-questions@freebsd.org
Date: Wed, 10 Jan 2007 05:22:23 -0800
Subject: Re: Process List & Security??
Message-ID: <45A4E88F.8020303@u.washington.edu>
In-Reply-To: <2cd0a0da0701100512m6a5dc858se959da9dd725d069@mail.gmail.com>
User-Agent: Thunderbird 1.5.0.9 (X11/20070109)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VeeJay wrote:
> Hi
>
> Can someone good on the security side look into these running processes,
> and see if there is a process that is dangerous or a security breach
> which a bad user has put there? Thanks
>
> $ ps xa
>   PID  TT  STAT       TIME COMMAND
>     0  ??  WLs     0:00.00 [swapper]
>     1  ??  ILs     0:00.00 /sbin/init --
>     2  ??  DL      0:02.90 [g_event]
>     3  ??  DL      0:02.87 [g_up]
>     4  ??  DL      0:03.04 [g_down]
>     5  ??  DL      0:00.00 [thread taskq]
>     6  ??  DL      0:00.00 [acpi_task_0]
>     7  ??  DL      0:00.00 [acpi_task_1]
>     8  ??  DL      0:00.00 [acpi_task_2]
>     9  ??  DL      0:00.00 [kqueue taskq]
>    10  ??  RL   2775:10.56 [idle]
>    11  ??  WL      0:59.34 [swi4: clock sio]
>    12  ??  WL      0:00.00 [swi3: vm]
>    13  ??  WL      0:00.10 [swi1: net]
>    14  ??  DL      0:02.65 [yarrow]
>    15  ??  WL      0:00.00 [swi5: +]
>    16  ??  WL      0:00.00 [swi2: cambio]
>    17  ??  WL      0:00.00 [swi6: task queue]
>    18  ??  WL      0:00.00 [swi6: Giant taskq]
>    19  ??  WL      0:00.00 [irq9: acpi0]
>    20  ??  WL      0:00.22 [irq16: bce0 em0+]
>    21  ??  WL      0:00.32 [irq78: mfi0]
>    22  ??  WL      0:00.00 [irq17: em1]
>    23  ??  WL      0:00.00 [irq21: uhci0 uhci+]
>    24  ??  DL      0:00.01 [usb0]
>    25  ??  DL      0:00.00 [usbtask]
>    26  ??  WL      0:00.00 [irq20: uhci1]
>    27  ??  DL      0:00.01 [usb1]
>    28  ??  DL      0:00.01 [usb2]
>    29  ??  DL      0:00.01 [usb3]
>    30  ??  WL      0:00.00 [irq14: ata0]
>    31  ??  WL      0:00.00 [irq15: ata1]
>    32  ??  WL      0:00.00 [swi0: sio]
>    33  ??  WL      0:00.00 [irq1: atkbd0]
>    34  ??  DL      0:00.07 [pagedaemon]
>    35  ??  DL      0:00.00 [vmdaemon]
>    36  ??  DL      0:01.11 [pagezero]
>    37  ??  DL      0:00.30 [bufdaemon]
>    38  ??  DL      0:59.50 [syncer]
>    39  ??  DL      0:00.29 [vnlru]
>    40  ??  DL      0:00.43 [softdepflush]
>    41  ??  DL      0:01.41 [schedcpu]
>   151  ??  Is      0:00.00 adjkerntz -i
>   644  ??  Is      0:00.00 /sbin/devd
>   688  ??  Ss      0:00.14 /usr/sbin/syslogd -s
>   761  ??  Ss      0:00.09 /usr/sbin/usbd
>   809  ??  Is      0:00.06 /usr/sbin/sshd
>   815  ??  Ss      0:00.90 sendmail: accepting connections (sendmail)
>   819  ??  Is      0:00.02 sendmail: Queue runner@00:30:00 for
>       /var/spool/clientmqueue (sendmail)
>   825  ??  Is      0:00.22 /usr/sbin/cron -s
>  1007  ??  Ss      0:01.10 /usr/local/apache/bin/httpd
>  1008  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  1009  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  1010  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  1011  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  1012  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  1037  ??  I       0:00.00 /usr/local/apache/bin/httpd
>  7862  ??  Is      0:00.01 sshd: digill7b [priv] (sshd)
>  7866  ??  S       0:00.01 sshd: digill7b@ttyp0 (sshd)
>   866  v0  Is+     0:00.00 /usr/libexec/getty Pc ttyv0
>   867  v1  Is+     0:00.00 /usr/libexec/getty Pc ttyv1
>   868  v2  Is+     0:00.00 /usr/libexec/getty Pc ttyv2
>   869  v3  Is+     0:00.00 /usr/libexec/getty Pc ttyv3
>   870  v4  Is+     0:00.00 /usr/libexec/getty Pc ttyv4
>   871  v5  Is+     0:00.00 /usr/libexec/getty Pc ttyv5
>   872  v6  Is+     0:00.00 /usr/libexec/getty Pc ttyv6
>   873  v7  Is+     0:00.00 /usr/libexec/getty Pc ttyv7
>  7867  p0  Ss      0:00.00 -sh (sh)
>  7928  p0  R+      0:00.00 ps xa
>  1015  p2- I       0:00.00 /bin/sh /usr/local/mysql/bin/mysqld_safe
>  1033  p2- S       0:11.97 /usr/local/mysql/libexec/mysqld
>       --basedir=/usr/local/mysql --datadir=/var/db/mysql --user=mysql
>       --pid-file=/var/db/mysql/localhost.maanjee.pid --port=33

Nothing out of the ordinary. Just make sure you have sendmail set up
properly so people can't send mail from the box without authentication
and effectively spam hordes of people. See saslauth about that in the
handbook.

- -Garrett

PS We (the list subscribers) aren't your sysadmins, and you should know
what these processes are if you're administering the box :)... manpages
reveal what you need to know about each process, and Google searches
_may_ reveal further information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFpOiPEnKyINQw/HARAlzwAJ4jmga5IPQ3NqjfGQlG9LHk9Aor/gCgpFBJ
iGaBODnu6KBcXDhZp96H2Bw=
=5Mgs
-----END PGP SIGNATURE-----
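Added example, not from the thread and not FreeBSD or any project's code: a small sh/awk triage that applies the checks a reviewer would actually run over a listing like VeeJay's instead of eyeballing it. It assumes the column layout of `ps -axo pid,ppid,user,comm,args` (so both the kernel-recorded executable name and the argument string the process presents are available), that kernel threads have parent pid 0, a hypothetical per-host allowlist, and a constructed sample listing modelled on the one above with three planted findings (pids 1040, 2201 and 2210). The rules go beyond the thread's specific question: a process whose argv[0] is dressed up as a bracketed kernel-thread name but has a real parent, a binary started from /tmp or /var/tmp (which a name-only allowlist would pass), and a service daemon that never dropped root.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. Triages a process
# listing in the column layout of `ps -axo pid,ppid,user,comm,args` against a
# per-host allowlist plus a few rules that catch what an eyeball pass misses.
# The allowlist is hypothetical and the sample listing below is constructed.

# Hypothetical allowlist of executable names (the ps "comm" column) expected
# on a web/mail host like the poster's. Tune per machine.
EXPECTED="init adjkerntz devd syslogd usbd sshd sendmail cron httpd getty sh ps mysqld"

# triage_ps: reads a listing on stdin, prints "pid<TAB>reason<TAB>args" per finding.
triage_ps() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        # Daemons that must run under a service account once started.
        must_drop["mysqld"] = "mysql"
    }
    $1 == "PID" { next }                       # column header
    {
        pid = $1; ppid = $2; user = $3; comm = $4
        args = $5; for (i = 6; i <= NF; i++) args = args " " $i

        # Kernel threads print as [name] and hang off pid 0 (assumption noted
        # in the lead-in). A bracketed name with a real parent is a userland
        # process in disguise: argv[0] is attacker-controlled, comm is not.
        if (args ~ /^\[.*\]$/) {
            if (ppid == 0) next
            print pid "\tfake kernel thread (binary: " comm ")\t" args
        }

        # A binary launched from a world-writable directory. An allowlist
        # keyed on the name alone would happily pass /tmp/.x/httpd.
        if (args ~ /^(\/tmp|\/var\/tmp)\//)
            print pid "\tstarted from world-writable directory\t" args

        # Privilege: service daemons still running as root.
        if ((comm in must_drop) && user == "root")
            print pid "\trunning as root, expected user " must_drop[comm] "\t" args

        if (!(comm in ok))
            print pid "\tnot in allowlist\t" args
    }'
}

# Constructed sample, modelled on the listing in the thread, with three
# planted findings (pids 1040, 2201, 2210). Not real output from any host.
sample_listing() {
    cat <<'EOF'
PID  PPID USER  COMMAND  COMMAND
0    0    root  swapper  [swapper]
1    0    root  init     /sbin/init --
2    0    root  g_event  [g_event]
38   0    root  syncer   [syncer]
644  1    root  devd     /sbin/devd
688  1    root  syslogd  /usr/sbin/syslogd -s
809  1    root  sshd     /usr/sbin/sshd
815  1    root  sendmail sendmail: accepting connections (sendmail)
825  1    root  cron     /usr/sbin/cron -s
1007 1    root  httpd    /usr/local/apache/bin/httpd
1008 1007 www   httpd    /usr/local/apache/bin/httpd
1015 1    root  sh       /bin/sh /usr/local/mysql/bin/mysqld_safe
1033 1015 mysql mysqld   /usr/local/mysql/libexec/mysqld --user=mysql
1040 1    root  mysqld   /usr/local/mysql/libexec/mysqld --port=3307
2201 1    root  perl     [syncer]
2210 1008 www   httpd    /tmp/.x/httpd -p 4444
EOF
}

# Stand-alone run: print the findings for the constructed sample.
sample_listing | triage_ps
```

On a live host, source the file and run `ps -axo pid,ppid,user,comm,args | triage_ps`. The script only sees what ps reports, so a kernel-resident rootkit that hides processes is out of its reach; treat a clean result as one data point alongside the periodic security output and file-integrity checks, not as proof that nothing is there.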