Date:      Wed, 10 Jan 2007 05:22:23 -0800
From:      Garrett Cooper <youshi10@u.washington.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: Process List & Security??
Message-ID:  <45A4E88F.8020303@u.washington.edu>
In-Reply-To: <2cd0a0da0701100512m6a5dc858se959da9dd725d069@mail.gmail.com>
References:  <2cd0a0da0701100512m6a5dc858se959da9dd725d069@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VeeJay wrote:
> Hi
> 
> Can someone good on the security side look into these running processes, and
> see if there is a process that is dangerous or a security breach which a bad
> user has put there? Thanks
> 
> $ ps xa
>  PID  TT  STAT      TIME COMMAND
>    0  ??  WLs    0:00.00 [swapper]
>    1  ??  ILs    0:00.00 /sbin/init --
>    2  ??  DL     0:02.90 [g_event]
>    3  ??  DL     0:02.87 [g_up]
>    4  ??  DL     0:03.04 [g_down]
>    5  ??  DL     0:00.00 [thread taskq]
>    6  ??  DL     0:00.00 [acpi_task_0]
>    7  ??  DL     0:00.00 [acpi_task_1]
>    8  ??  DL     0:00.00 [acpi_task_2]
>    9  ??  DL     0:00.00 [kqueue taskq]
>   10  ??  RL   2775:10.56 [idle]
>   11  ??  WL     0:59.34 [swi4: clock sio]
>   12  ??  WL     0:00.00 [swi3: vm]
>   13  ??  WL     0:00.10 [swi1: net]
>   14  ??  DL     0:02.65 [yarrow]
>   15  ??  WL     0:00.00 [swi5: +]
>   16  ??  WL     0:00.00 [swi2: cambio]
>   17  ??  WL     0:00.00 [swi6: task queue]
>   18  ??  WL     0:00.00 [swi6: Giant taskq]
>   19  ??  WL     0:00.00 [irq9: acpi0]
>   20  ??  WL     0:00.22 [irq16: bce0 em0+]
>   21  ??  WL     0:00.32 [irq78: mfi0]
>   22  ??  WL     0:00.00 [irq17: em1]
>   23  ??  WL     0:00.00 [irq21: uhci0 uhci+]
>   24  ??  DL     0:00.01 [usb0]
>   25  ??  DL     0:00.00 [usbtask]
>   26  ??  WL     0:00.00 [irq20: uhci1]
>   27  ??  DL     0:00.01 [usb1]
>   28  ??  DL     0:00.01 [usb2]
>   29  ??  DL     0:00.01 [usb3]
>   30  ??  WL     0:00.00 [irq14: ata0]
>   31  ??  WL     0:00.00 [irq15: ata1]
>   32  ??  WL     0:00.00 [swi0: sio]
>   33  ??  WL     0:00.00 [irq1: atkbd0]
>   34  ??  DL     0:00.07 [pagedaemon]
>   35  ??  DL     0:00.00 [vmdaemon]
>   36  ??  DL     0:01.11 [pagezero]
>   37  ??  DL     0:00.30 [bufdaemon]
>   38  ??  DL     0:59.50 [syncer]
>   39  ??  DL     0:00.29 [vnlru]
>   40  ??  DL     0:00.43 [softdepflush]
>   41  ??  DL     0:01.41 [schedcpu]
>  151  ??  Is     0:00.00 adjkerntz -i
>  644  ??  Is     0:00.00 /sbin/devd
>  688  ??  Ss     0:00.14 /usr/sbin/syslogd -s
>  761  ??  Ss     0:00.09 /usr/sbin/usbd
>  809  ??  Is     0:00.06 /usr/sbin/sshd
>  815  ??  Ss     0:00.90 sendmail: accepting connections (sendmail)
>  819  ??  Is     0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>  825  ??  Is     0:00.22 /usr/sbin/cron -s
> 1007  ??  Ss     0:01.10 /usr/local/apache/bin/httpd
> 1008  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1009  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1010  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1011  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1012  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1037  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 7862  ??  Is     0:00.01 sshd: digill7b [priv] (sshd)
> 7866  ??  S      0:00.01 sshd: digill7b@ttyp0 (sshd)
>  866  v0  Is+    0:00.00 /usr/libexec/getty Pc ttyv0
>  867  v1  Is+    0:00.00 /usr/libexec/getty Pc ttyv1
>  868  v2  Is+    0:00.00 /usr/libexec/getty Pc ttyv2
>  869  v3  Is+    0:00.00 /usr/libexec/getty Pc ttyv3
>  870  v4  Is+    0:00.00 /usr/libexec/getty Pc ttyv4
>  871  v5  Is+    0:00.00 /usr/libexec/getty Pc ttyv5
>  872  v6  Is+    0:00.00 /usr/libexec/getty Pc ttyv6
>  873  v7  Is+    0:00.00 /usr/libexec/getty Pc ttyv7
> 7867  p0  Ss     0:00.00 -sh (sh)
> 7928  p0  R+     0:00.00 ps xa
> 1015  p2- I      0:00.00 /bin/sh /usr/local/mysql/bin/mysqld_safe
> 1033  p2- S      0:11.97 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/var/db/mysql --user=mysql --pid-file=/var/db/mysql/localhost.maanjee.pid --port=33

Nothing out of the ordinary. Just make sure you have sendmail set up
properly so people can't send mail from the box without authentication
and effectively spam hordes of people. See saslauth about that in the
handbook.

- -Garrett

PS We (the list subscribers) aren't your sysadmins, and you should know
what these processes are if you're administering the box :)... manpages
reveal what you need to know about each process, and Google searches
_may_ reveal further information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFpOiPEnKyINQw/HARAlzwAJ4jmga5IPQ3NqjfGQlG9LHk9Aor/gCgpFBJ
iGaBODnu6KBcXDhZp96H2Bw=
=5Mgs
-----END PGP SIGNATURE-----
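The one concrete action item in the reply is to confirm that the sendmail daemon in the listing will not relay for strangers. The following is an added example, not code from the thread or from the sendmail project: a minimal open-relay probe in Python. It speaks EHLO, MAIL FROM, RCPT TO and QUIT with a sender and recipient in two outside domains and never sends DATA, so nothing is queued even if the server is open. The transport classes, the example.org/example.net identities and the canned server replies in `sample_closed_relay()` / `sample_open_relay()` are constructed for the example; the closed-relay replies are modelled on sendmail's usual "550 5.7.1 ... Relaying denied".

```python
"""Open-relay probe for an SMTP listener (added example, not from the thread).

EHLO -> MAIL FROM <outside> -> RCPT TO <outside> -> QUIT. A 250/251 reply to
RCPT TO means the server agreed to relay for an unauthenticated stranger; a
5xx means it refused. DATA is never sent, so no message is ever queued.
"""
import socket
import sys

PROBE_FROM = "probe@example.org"   # constructed outside sender
PROBE_RCPT = "nobody@example.net"  # constructed outside recipient
PROBE_HELO = "probe.example.org"   # constructed HELO name


class SocketTransport:
    """Line transport over a real TCP connection."""

    def __init__(self, host, port=25, timeout=15):
        self.sock = socket.create_connection((host, port), timeout)
        self.rfile = self.sock.makefile("rb")

    def readline(self):
        return self.rfile.readline().decode("ascii", "replace")

    def send(self, line):
        self.sock.sendall((line + "\r\n").encode("ascii"))

    def close(self):
        self.rfile.close()
        self.sock.close()


class ScriptedTransport:
    """Offline stand-in: replays canned server replies, records what we sent."""

    def __init__(self, replies):
        self.replies = list(replies)
        self.sent = []

    def readline(self):
        return self.replies.pop(0) if self.replies else ""

    def send(self, line):
        self.sent.append(line)

    def close(self):
        pass


def read_reply(t):
    """Read one complete SMTP reply; continuation lines are 'NNN-text',
    the final line is 'NNN text' (RFC 5321 section 4.2)."""
    lines = []
    while True:
        raw = t.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines


def command(t, line):
    t.send(line)
    return read_reply(t)


def probe_relay(t, helo=PROBE_HELO, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT):
    """Return {'rcpt_code', 'rcpt_text', 'open_relay', 'error'}; open_relay is
    None when the dialogue failed before RCPT TO (reason in 'error')."""
    result = {"rcpt_code": None, "rcpt_text": "", "open_relay": None, "error": None}
    try:
        code, text = read_reply(t)
        if code != 220:
            result["error"] = "unexpected banner: %d %s" % (code, " ".join(text))
            return result
        code, _ = command(t, "EHLO " + helo)
        if code != 250:                      # pre-ESMTP server: fall back to HELO
            code, _ = command(t, "HELO " + helo)
            if code != 250:
                result["error"] = "greeting rejected with %d" % code
                return result
        code, text = command(t, "MAIL FROM:<%s>" % mail_from)
        if code != 250:
            # Sender rejected up front (e.g. sender-domain checks): the relay
            # question stays unanswered rather than being proven closed.
            result["error"] = "MAIL FROM rejected: %d %s" % (code, " ".join(text))
            return result
        code, text = command(t, "RCPT TO:<%s>" % rcpt_to)
        result["rcpt_code"] = code
        result["rcpt_text"] = " ".join(text)
        result["open_relay"] = code in (250, 251)   # 251 = "will forward"
        command(t, "QUIT")
    except (ConnectionError, ValueError, OSError) as exc:
        result["error"] = str(exc)
    finally:
        t.close()
    return result


def sample_closed_relay():
    """Constructed replies modelled on a sendmail that refuses to relay."""
    return ScriptedTransport([
        "220 host.example ESMTP Sendmail ready\r\n",
        "250-host.example Hello probe.example.org, pleased to meet you\r\n",
        "250-ENHANCEDSTATUSCODES\r\n",
        "250 HELP\r\n",
        "250 2.1.0 <probe@example.org>... Sender ok\r\n",
        "550 5.7.1 <nobody@example.net>... Relaying denied\r\n",
        "221 2.0.0 host.example closing connection\r\n",
    ])


def sample_open_relay():
    """Constructed replies from a server that accepts the outside recipient."""
    return ScriptedTransport([
        "220 host.example ESMTP ready\r\n",
        "250 host.example\r\n",
        "250 2.1.0 Sender ok\r\n",
        "250 2.1.5 Recipient ok\r\n",
        "221 Bye\r\n",
    ])


if __name__ == "__main__":
    # usage: python probe.py <host> [port]; with no arguments, runs offline
    # against the constructed closed-relay session.
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
        t = SocketTransport(sys.argv[1], port)
    else:
        t = sample_closed_relay()
    r = probe_relay(t)
    if r["open_relay"] is None:
        print("probe failed: %s" % r["error"])
    else:
        print("OPEN RELAY" if r["open_relay"] else "relay refused: %s" % r["rcpt_text"])
```

Two caveats a practitioner would keep in mind. First, relay permission in sendmail is decided by the client address (the access map, `relay_hosts_only`, and friends), and localhost is normally allowed to relay, so run the probe from a host outside the server's own networks; a "refused" result from the box itself proves nothing. Second, the probe only tells you the daemon relays for strangers; whether it is reachable at all is a separate question, and on FreeBSD `sockstat -4l` shows whether port 25 is bound to `*:25` or only `127.0.0.1:25` (the default `sendmail_enable="NO"` configuration runs the daemon bound to localhost, which still appears in `ps` as "accepting connections"). Only probe servers you are authorised to test.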



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45A4E88F.8020303>