Possible denial service attack?

[TELCO]

Dear all ,

I am asking for your help because I am having some problems
with my CACTIEZ server (CentOS 4.3) .
I have installed it 2 months ago, and so far it was woking OK.

Some days ago I began to have problems because it suddenly backwards
the server time or it stand still.

The processing raise to a 100 % and it cuts the graphics.
To solve the problem I have to reboot the PC.

It doesnt respond (by comand line) to the command " shutdown -r now "
and it only turn off after a long time using the command poweroff.

The server is crashed down..

What can be wrong?

Has someone got the same problem?
Or could I be victim of some kind of attack because of some
vulnerability of my system??

Thanks in advance.
Best Regards.

TELCO

[rony]

Well.....

Let's start with the hardware. Have you run any checks on the hardware to make sure you do not have any issues?

Have you inspected the system logs to determine what is happening to the server? Does dmesg give you any information that could point you in the direction of the issue?

[TELCO]

Hello Rony ,

This is my dmesg log.

Thanks in advance.
Best Regards

TELCO

[root@localhost log]# more dmesg
Linux version 2.6.9-42.0.2.EL (buildsvn@build-i386) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-3)) #1 Tue Aug 2
2 23:56:05 CDT 2006
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000003fcf0000 (usable)
BIOS-e820: 000000003fcf0000 - 000000003fcfb000 (ACPI data)
BIOS-e820: 000000003fcfb000 - 000000003fd00000 (ACPI NVS)
BIOS-e820: 000000003fd00000 - 000000003fe80000 (usable)
BIOS-e820: 000000003fe80000 - 0000000040000000 (reserved)
BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
BIOS-e820: 00000000ff800000 - 00000000ffc00000 (reserved)
BIOS-e820: 00000000fffffc00 - 0000000100000000 (reserved)
126MB HIGHMEM available.
896MB LOWMEM available.
found SMP MP-table at 000f62d0
Using x86 segment limits to approximate NX protection
zapping low mappings.
On node 0 totalpages: 261760
DMA zone: 4096 pages, LIFO batch:1
Normal zone: 225280 pages, LIFO batch:16
HighMem zone: 32384 pages, LIFO batch:7
DMI present.
ACPI: RSDP (v000 PTLTD ) @ 0x000f6360
ACPI: RSDT (v001 PTLTD RSDT 0x060400d0 LTP 0x00000000) @ 0x3fcf73ec
ACPI: FADT (v001 IBM NETVISTA 0x060400d0 PTL 0x00000001) @ 0x3fcfaee2
ACPI: TCPA (v001 IBM NETVISTA 0x060400d0 PTL 0x00000001) @ 0x3fcfaf56
ACPI: MADT (v001 PTLTD APIC 0x060400d0 LTP 0x00000000) @ 0x3fcfaf88
ACPI: BOOT (v001 PTLTD $SBFTBL$ 0x060400d0 LTP 0x00000001) @ 0x3fcfafd8
ACPI: DSDT (v001 IBM Yelotail 0x060400d0 MSFT 0x0100000e) @ 0x00000000
ACPI: PM-Timer IO Port: 0x1008
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
Processor #0 15:2 APIC version 20
ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1])
Enabling APIC mode: Flat. Using 0 I/O APICs
ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
ACPI: IRQ9 used by override.
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 50000000 (gap: 40000000:bec00000)
Built 1 zonelists
Kernel command line: ro root=LABEL=/
mapped APIC to ffffd000 (fee00000)
Initializing CPU#0
CPU 0 irqstacks, hard=c0400000 soft=c03ff000
PID hash table entries: 4096 (order: 12, 65536 bytes)
Detected 2791.671 MHz processor.
Using pmtmr for high-res timesource
Console: colour VGA+ 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 1033168k/1047040k available (2150k kernel code, 12980k reserved, 716k data, 164k init, 129472k highmem)
Calibrating delay using timer specific routine.. 5585.43 BogoMIPS (lpj=2792718)
Security Scaffold v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
There is already a security framework initialized, register_security failed.
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
CPU: After generic identify, caps: bfebfbff 00000000 00000000 00000000
CPU: After vendor identify, caps: bfebfbff 00000000 00000000 00000000
CPU: Trace cache: 12K uops, L1 D cache: 8K
CPU: L2 cache: 512K
CPU: After all inits, caps: bfebf3ff 00000000 00000000 00000080
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU0: Intel P4/Xeon Extended MCE MSRs (12) available
CPU0: Thermal monitoring enabled
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz stepping 09
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
ENABLING IO-APIC IRQs
..TIMER: vector=0x31 pin1=0 pin2=-1
checking if image is initramfs... it is
Freeing initrd memory: 385k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xfd98d, last bus=2
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
ACPI: Subsystem revision 20040816
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (00:00)
PCI: Probing PCI hardware (bus 00)
PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1
PCI: Transparent bridge - 0000:00:1e.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.SLOT._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 7 9 10 *11 12 14 15)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 7 *9 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 *5 7 9 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 7 9 *10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 7 *9 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 7 9 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 7 9 10 *11 12 14 15)
ACPI: PCI Interrupt Link [LNKH] (IRQs *3 4 5 7 9 10 11 12 14 15)
Linux Plug and Play Support v0.97 (c) Adam Belay
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
ACPI: PCI interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 177
ACPI: PCI interrupt 0000:00:1d.0[A] -> GSI 16 (level, low) -> IRQ 177
ACPI: PCI interrupt 0000:00:1d.1 -> GSI 19 (level, low) -> IRQ 185
ACPI: PCI interrupt 0000:00:1d.2[C] -> GSI 18 (level, low) -> IRQ 193
ACPI: PCI interrupt 0000:00:1d.7[D] -> GSI 23 (level, low) -> IRQ 201
ACPI: PCI interrupt 0000:00:1f.1[A] -> GSI 18 (level, low) -> IRQ 193
ACPI: PCI interrupt 0000:00:1f.3 -> GSI 17 (level, low) -> IRQ 209
ACPI: PCI interrupt 0000:00:1f.5 -> GSI 17 (level, low) -> IRQ 209
ACPI: PCI interrupt 0000:02:08.0[A] -> GSI 20 (level, low) -> IRQ 217
ACPI: PCI interrupt 0000:02:0a.0[A] -> GSI 22 (level, low) -> IRQ 225
ACPI: PCI interrupt 0000:02:0c.0[A] -> GSI 20 (level, low) -> IRQ 217
Simple Boot Flag at 0x6c set to 0x1
IBM machine detected. Enabling interrupts during APM calls.
apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac)
apm: overridden by ACPI.
audit: initializing netlink socket (disabled)
audit(1157968213.560:1): initialized
highmem bounce pool size: 64 pages
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
SELinux: Registering netfilter hooks
Initializing Cryptographic API
ksign: Installing public key data
Loading keyring
- Added public key 5A9A04024D0CEFA
- User ID: CentOS (Kernel Module GPG key)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
ACPI: Processor [CPU0] (supports C1, 8 throttling states)
ACPI: Thermal Zone [THM0] (54 C)
Real Time Clock Driver v1.12
Linux agpgart interface v0.100 (c) Dave Jones
agpgart: Detected an Intel 845G Chipset.
agpgart: Maximum main memory to use for agp memory: 940M
agpgart: Detected 892K stolen memory.
agpgart: AGP aperture is 128M @ 0x88000000
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
Serial: 8250/16550 driver $Revision: 1.90 $ 8 ports, IRQ sharing enabled
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
divert: not allocating divert_blk for non-ethernet device lo
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ICH4: IDE controller at PCI slot 0000:00:1f.1
PCI: Enabling device 0000:00:1f.1 (0005 -> 0007)
ACPI: PCI interrupt 0000:00:1f.1[A] -> GSI 18 (level, low) -> IRQ 193
ICH4: chipset revision 1
ICH4: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0x1860-0x1867, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0x1868-0x186f, BIOS settings: hdc:DMA, hdd:pio
Probing IDE interface ide0...
hda: ST340014A, ATA DISK drive
Using cfq io scheduler
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Probing IDE interface ide1...
hdc: SAMSUNG CD-ROM SC-148C, ATAPI CD/DVD-ROM drive
hdc: Disabling (U)DMA for SAMSUNG CD-ROM SC-148C (blacklisted)
ide1 at 0x170-0x177,0x376 on irq 15
Probing IDE interface ide2...
Probing IDE interface ide3...
Probing IDE interface ide4...
Probing IDE interface ide5...
hda: max request size: 1024KiB
hda: 78156288 sectors (40016 MB) w/2048KiB Cache, CHS=16383/255/63, UDMA(100)
hda: cache flushes supported
hda: hda1 hda2 hda3
hdc: ATAPI 48X CD-ROM drive, 128kB Cache
Uniform CD-ROM driver Revision: 3.20
ide-floppy driver 0.99.newide
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.0:USB HID core driver
mice: PS/2 mouse device common for all mice
md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
TCP bind hash table entries: 131072 (order: 9, 3670016 bytes)
TCP: Hash tables configured (established 131072 bind 131072)
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
ACPI: (supports S0 S1 S3 S4 S5)
ACPI wakeup devices:
USB1 USB2 USB3 USBE SLOT KBC COMA
Freeing unused kernel memory: 164k freed
EXT3-fs: INFO: recovery required on readonly filesystem.
EXT3-fs: write access will be enabled during recovery.
kjournald starting. Commit interval 5 seconds
EXT3-fs: hda2: orphan cleanup on readonly fs
ext3_orphan_cleanup: deleting unreferenced inode 4041825
ext3_orphan_cleanup: deleting unreferenced inode 3433926
ext3_orphan_cleanup: deleting unreferenced inode 3433925
ext3_orphan_cleanup: deleting unreferenced inode 3433924
ext3_orphan_cleanup: deleting unreferenced inode 3433923
EXT3-fs: hda2: 5 orphan inodes deleted
EXT3-fs: recovery complete.
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: Disabled at runtime.
SELinux: Unregistering netfilter hooks
inserting floppy driver for 2.6.9-42.0.2.EL
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
ACPI: PCI interrupt 0000:02:0a.0[A] -> GSI 22 (level, low) -> IRQ 225
3c59x: Donald Becker and others. www.scyld.com/network/vortex.html
0000:02:0a.0: 3Com PCI 3c905B Cyclone 100baseTx at 0x2000. Vers LK1.1.19
divert: allocating divert_blk for eth0
ACPI: PCI interrupt 0000:02:0c.0[A] -> GSI 20 (level, low) -> IRQ 217
0000:02:0c.0: 3Com PCI 3c905B Cyclone 100baseTx at 0x2080. Vers LK1.1.19
divert: allocating divert_blk for eth1
e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI
e100: Copyright(c) 1999-2005 Intel Corporation
ACPI: PCI interrupt 0000:02:08.0[A] -> GSI 20 (level, low) -> IRQ 217
divert: allocating divert_blk for eth2
e100: eth2: e100_probe: addr 0xc0100000, irq 217, MAC addr 00:0D:60:A7:96:97
ACPI: PCI interrupt 0000:00:1f.5 -> GSI 17 (level, low) -> IRQ 209
PCI: Setting latency timer of device 0000:00:1f.5 to 64
intel8x0_measure_ac97_clock: measured 50041 usecs
intel8x0: clocking to 48000
hw_random: RNG not detected
ACPI: PCI interrupt 0000:00:1d.7[D] -> GSI 23 (level, low) -> IRQ 201
ehci_hcd 0000:00:1d.7: EHCI Host Controller
PCI: Setting latency timer of device 0000:00:1d.7 to 64
ehci_hcd 0000:00:1d.7: irq 201, pci mem f887e000
ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 1
PCI: cache line size of 128 is not supported by device 0000:00:1d.7
ehci_hcd 0000:00:1d.7: USB 2.0 enabled, EHCI 1.00, driver 2004-May-10
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 6 ports detected
USB Universal Host Controller Interface driver v2.2
ACPI: PCI interrupt 0000:00:1d.0[A] -> GSI 16 (level, low) -> IRQ 177
uhci_hcd 0000:00:1d.0: UHCI Host Controller
PCI: Setting latency timer of device 0000:00:1d.0 to 64
uhci_hcd 0000:00:1d.0: irq 177, io base 00001800
uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 2
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
ACPI: PCI interrupt 0000:00:1d.1 -> GSI 19 (level, low) -> IRQ 185
uhci_hcd 0000:00:1d.1: UHCI Host Controller
PCI: Setting latency timer of device 0000:00:1d.1 to 64
uhci_hcd 0000:00:1d.1: irq 185, io base 00001820
uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 3
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
ACPI: PCI interrupt 0000:00:1d.2[C] -> GSI 18 (level, low) -> IRQ 193
uhci_hcd 0000:00:1d.2: UHCI Host Controller
PCI: Setting latency timer of device 0000:00:1d.2 to 64
uhci_hcd 0000:00:1d.2: irq 193, io base 00001840
uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 4
hub 4-0:1.0: USB hub found
hub 4-0:1.0: 2 ports detected
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
ACPI: Power Button (FF) [PWRF]
EXT3 FS on hda2, internal journal
device-mapper: 4.5.0-ioctl (2005-10-04) initialised: dm-devel@redhat.com
cdrom: open failed.
kjournald starting. Commit interval 5 seconds
EXT3 FS on hda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Adding 779144k swap on /dev/hda3. Priority:-1 extents:1
[root@localhost log]#

[rony]

Nothing bad there.

But, don't really know what to tell you at this point.

[cigamit]

The processing raise to a 100 % and it cuts the graphics.
To solve the problem I have to reboot the PC.

The next time it crashes, check to see what process is using 100%.

[TELCO]

Dear cigamit ,

This is my TOP output command at the crashdown moment :

[root@localhost ~]# top

top - 21:48:02 up 8:14, 1 user, load average: 0.11, 0.11, 0.22
Tasks: 50 total, 6 running, 43 sleeping, 1 stopped, 0 zombie
Cpu(s): 22.7% us, 4.4% sy, 0.0% ni, 70.9% id, 1.9% wa, 0.1% hi, 0.0% si
Mem: 1034160k total, 626912k used, 407248k free, 35120k buffers
Swap: 779144k total, 0k used, 779144k free, 508384k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 16 0 2456 548 472 R 0.0 0.1 0:00.83 init
2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
3 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 events/0
4 root 9 -10 0 0 0 S 0.0 0.0 0:00.01 khelper
5 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
18 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
36 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
37 root 15 0 0 0 0 S 0.0 0.0 0:01.53 pdflush
39 root 12 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
19 root 25 0 0 0 0 S 0.0 0.0 0:00.00 khubd
38 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
185 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
301 root 15 0 0 0 0 S 0.0 0.0 0:00.77 kjournald
1390 root 6 -10 2552 468 380 S 0.0 0.0 0:00.01 udevd
1669 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 kauditd
1710 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 kmirrord
1733 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
2577 root 16 0 5332 1736 1216 S 0.0 0.2 0:00.22 msyslogd
2620 root 16 0 2608 508 300 S 0.0 0.0 0:00.00 smartd
2630 root 17 0 12460 4140 2232 S 0.0 0.4 0:00.06 snmpd
2675 root 17 0 4776 1132 836 S 0.0 0.1 0:00.50 sshd
2688 root 18 0 3004 756 624 S 0.0 0.1 0:00.00 xinetd
2749 root 21 0 5196 1240 1080 S 0.0 0.1 0:00.00 mysqld_safe
2782 mysql 16 0 131m 22m 3860 S 0.0 2.3 8:06.58 mysqld
2817 root 16 0 8536 2020 984 S 0.0 0.2 0:00.03 sendmail
2825 smmsp 16 0 7108 1620 812 S 0.0 0.2 0:00.00 sendmail
2839 root 16 0 49716 6344 4108 R 0.0 0.6 0:00.21 httpd


The actual time and date is : Sep 12 09:17:00 ART 2006

[root@localhost ~]# date
Mon Sep 11 21:48:18 ART 2006
[root@localhost ~]#

I changed the battery of the server but the problem continues being. I dont know that it can be happening.

Thanks in advance.
Best Regards.

TELCO

[egarnel]

have you run any forensics on the system? checked the logs? any strange new accounts? file integrity checks?

Is this a stock CactiEZ install or have you hardened it any?
Also, given your date on the server, have you setup ntp to sync your time?

[TELCO]

[TELCO]

[TELCO]

Dear egarnel ,

To that you talk about with forensics ?
In logs I do not see anything strange.
As I verify the integrity of the files ?? I have a Standard installation of CactiEZ . The NTP service is turn off. The dates is set manualy.

Thanks in advance.
Best Regards.

TELCO

[TELCO]

Dear All ,

I attach my graph

Bye

[TheWitness]

If your date's are floating around, or being changed randomly, it will cause all sort's of nasty things. Did you get this fixed by turning on ntpd and pointing it to a known good (and reachable) time source?

TheWitness

[TELCO]

Dear All ,

My server crashdown again at 16:52:57 (up 1 day, 7:12). He was above 1 day, 7:12 without problems. I turn off the NTP service Daemon and assigned the time manually to him. That it can be happening?

top - 16:52:57 up 1 day, 7:12, 1 user, load average: 0.91, 1.68, 1.74
Tasks: 45 total, 2 running, 43 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0% us, 0.0% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 1034160k total, 694136k used, 340024k free, 68248k buffers
Swap: 779144k total, 0k used, 779144k free, 523296k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 16 0 2508 552 472 S -0.0 0.1 0:02.95 init
2 root 34 19 0 0 0 S -0.0 0.0 0:00.02 ksoftirqd/0 3 root 5 -10 0 0 0 S -0.0 0.0 0:00.01 events/0
4 root 10 -10 0 0 0 S -0.0 0.0 0:00.00 khelper 5 root 15 -10 0 0 0 S -0.0 0.0 0:00.00 kacpid
18 root 5 -10 0 0 0 S -0.0 0.0 0:00.00 kblockd/0 36 root 20 0 0 0 0 S -0.0 0.0 0:00.00 pdflush
37 root 15 0 0 0 0 S -0.0 0.0 0:06.48 pdflush 39 root 12 -10 0 0 0 S -0.0 0.0 0:00.00 aio/0
19 root 25 0 0 0 0 S -0.0 0.0 0:00.00 khubd 38 root 25 0 0 0 0 S -0.0 0.0 0:00.00 kswapd0
185 root 25 0 0 0 0 S -0.0 0.0 0:00.00 kseriod 301 root 15 0 0 0 0 S -0.0 0.0 0:03.27 kjournald
1390 root 6 -10 3360 464 380 S -0.0 0.0 0:00.01 udevd 1669 root 6 -10 0 0 0 S -0.0 0.0 0:00.00 kauditd
1710 root 6 -10 0 0 0 S -0.0 0.0 0:00.00 kmirrord 1733 root 15 0 0 0 0 S -0.0 0.0 0:00.00 kjournald
2528 root 16 0 5332 1808 1212 S -0.0 0.2 0:02.98 msyslogd 2601 root 16 0 5436 1140 840 S -0.0 0.1 0:01.73 sshd
2611 root 18 0 3776 756 624 S -0.0 0.1 0:00.00 xinetd 2672 root 23 0 6264 1240 1080 S -0.0 0.1 0:00.00 mysqld_safe
2705 mysql 15 0 131m 24m 4396 S -0.0 2.4 29:07.06 mysqld 2740 root 16 0 7352 2024 984 S -0.0 0.2 0:00.11 sendmail
2748 smmsp 16 0 8300 1616 808 S -0.0 0.2 0:00.00 sendmail 2759 root 16 0 49124 7224 4776 S -0.0 0.7 0:00.52 httpd
2768 root 16 0 5256 928 536 S -0.0 0.1 0:00.15 crond 2797 xfs 16 0 3644 1160 776 S -0.0 0.1 0:00.00 xfs






[root@localhost etc]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Sep12 ? 00:00:02 init [6]
root 2 1 0 Sep12 ? 00:00:00 [ksoftirqd/0]
root 3 1 0 Sep12 ? 00:00:00 [events/0]
root 4 3 0 Sep12 ? 00:00:00 [khelper]
root 5 3 0 Sep12 ? 00:00:00 [kacpid]
root 18 3 0 Sep12 ? 00:00:00 [kblockd/0]
root 36 3 0 Sep12 ? 00:00:00 [pdflush]
root 37 3 0 Sep12 ? 00:00:06 [pdflush]
root 39 3 0 Sep12 ? 00:00:00 [aio/0]
root 19 1 0 Sep12 ? 00:00:00 [khubd]
root 38 1 0 Sep12 ? 00:00:00 [kswapd0]
root 185 1 0 Sep12 ? 00:00:00 [kseriod]
root 301 1 0 Sep12 ? 00:00:03 [kjournald]
root 1390 1 0 Sep12 ? 00:00:00 udevd
root 1669 3 0 Sep12 ? 00:00:00 [kauditd]
root 1710 3 0 Sep12 ? 00:00:00 [kmirrord]
root 1733 1 0 Sep12 ? 00:00:00 [kjournald]
root 2528 1 0 Sep12 ? 00:00:02 msyslogd -i unix -i udp -p 514 -i om_mysql
root 2601 1 0 Sep12 ? 00:00:01 /usr/sbin/sshd
root 2611 1 0 Sep12 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 2672 1 0 Sep12 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --pid
mysql 2705 2672 1 Sep12 ? 00:29:07 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr
root 2740 1 0 Sep12 ? 00:00:00 sendmail: accepting connections
smmsp 2748 1 0 Sep12 ? 00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 2759 1 0 Sep12 ? 00:00:00 /usr/sbin/httpd
root 2768 1 0 Sep12 ? 00:00:00 crond
root 7451 1 0 04:02 ? 00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a
apache 7452 2759 0 04:02 ? 00:00:11 /usr/sbin/httpd
apache 7453 2759 0 04:02 ? 00:00:12 /usr/sbin/httpd
apache 7454 2759 0 04:02 ? 00:00:11 /usr/sbin/httpd
apache 7455 2759 0 04:02 ? 00:00:11 /usr/sbin/httpd
apache 7456 2759 0 04:02 ? 00:00:11 /usr/sbin/httpd
apache 7457 2759 0 04:02 ? 00:00:12 /usr/sbin/httpd
apache 7458 2759 0 04:02 ? 00:00:11 /usr/sbin/httpd
apache 7461 2759 0 04:02 ? 00:00:12 /usr/sbin/httpd
root 25750 2601 0 15:16 ? 00:00:00 sshd: root@pts/0
root 25754 25750 0 15:16 pts/0 00:00:00 -bash
apache 27982 1 0 16:53 ? 00:00:00 /usr/bin/php -q /var/www/html/plugins/monitor/fast_poller_cmd.
apache 27984 27982 0 16:53 ? 00:00:00 /usr/bin/php /var/www/html/script_server.php cmd
apache 28015 27982 0 16:53 ? 00:00:00 /usr/bin/snmpget -O fntev -c -v 2c -t 1 -r 2 10.0.11.224
root 28164 1 0 16:53 ? 00:00:00 /bin/bash /etc/rc.d/rc 6
root 28229 28164 0 16:53 ? 00:00:00 /bin/bash /etc/rc6.d/K10xfs stop
root 28232 28229 0 16:53 ? 00:00:00 usleep 100000
root 28233 25754 0 16:53 pts/0 00:00:00 ps -ef
[root@localhost etc]#


Thanks in advance.
Best Regards.

TELCO

[TELCO]

[TELCO]