Date: Mon, 9 Jan 2017 10:04:16 -0700 (MST) From: Warren Block <wblock@wonkity.com> To: bycn82@dragonflybsd.org Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: /tmp/swap is causing my CPU busy Message-ID: <alpine.BSF.2.20.1701091000290.3484@wonkity.com> In-Reply-To: <CAC%2BJH2wO6kpKB8DfHMW=Yi081Hi4jU=vnFzuyq54jXPhbqk0YQ@mail.gmail.com> References: <CAC%2BJH2wO6kpKB8DfHMW=Yi081Hi4jU=vnFzuyq54jXPhbqk0YQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Jan 2017, Bill Yuan wrote: > Hi, > Need support here. I just noticed my machine is busy and a process is the > root cause, I am not familiar with the memory/SWAP, Can someone please help > to take a look? any info is required? please let me know. > > #top > 52 processes: 1 running, 50 sleeping, 1 zombie > CPU: 3.5% user, 0.0% nice, 0.6% system, 0.0% interrupt, 95.9% idle > Mem: 53M Active, 997M Inact, 133M Wired, 44M Buf, 791M Free > Swap: 2100M Total, 2100M Free > > PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU > COMMAND > 25592 root 10 25 0 778M 9272K uwait 3 0:38 19.02% > .swap > 25599 root 1 20 0 7416K 2596K CPU0 0 0:00 0.11% top > > #ps -axd | grep swap > 25481 0 S+ 0:00.00 | | `-- grep swap > 22927 - Ss 172:10.74 |-- /tmp/.swap > > #uname -a > FreeBSD NetGate1 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu > Sep 29 03:40:55 UTC 2016 > root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC > i386 That does not look good to me. A hidden file named ".swap" that is *running*, and as root? I would immediately disconnect that machine from the net and then check to see if that's a compromise, because it sure looks fishy.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1701091000290.3484>