[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Jan 2003 ]

[edlug] Lots of forked processes, all saying /USR/SBIN/CRON



Hi:

I'm having a spot of bother, manifesting itself in the form of an
awful lot of processes.

As I type, I have 79 process, all showing "/USR/SBIN/CRON" as their
command, and as far as I can tell without looking at them all
individually, all in state "disk sleep", with a size of 632 and RSS of
568, all owned by root.

I has the same problem yesterday, but it got to over 2000 processes
before I noticed.  My reason for noticing both times was the same:
any attempt to get root privilages appears to stall, indefinitely.

Also, my last log entry appears to be at 1434, despite it being 1556
now, which was Mailman doing its "every minute" thing.  The mailman
locks directory hasn't been touched since 1444, which is the same time
as the first of the rogue processes appeared.

When I noticed yesterday, I decided eventually to shut the system
down, which meant using the three-finger salute, as I couldn't get
root to run shutdown.  The system didn't manage to shut itself down
properly--after a few minutes I resorted to using Alt-SysRq.  The
system has been back up for 16.5h now, and the first process appeared
after 15h.

I'm hoping that I've messed something up myself, but I'm wondering if
it might be something malicious...  although the box sitting next to
it doesn't get patched nearly as often and is still running fine
(124 days uptime :-) ).

I've had a look on google, and can't find anything at all relevant.
Any hints or pointers would be very greatly appreciated.

Thanks,
-- 
Andrew Aylett | www.aylett.co.uk | 1.79 x 10^12 furlongs per fortnight...
andrew@xxx.xxx.xxx | answer==42 |  -- it's not just a good idea, it's the law!
-----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage