Message-ID: <2cd0a0da0701100512m6a5dc858se959da9dd725d069@mail.gmail.com>
Date: Wed, 10 Jan 2007 14:12:53 +0100
From: VeeJay
To: maanjee@gmail.com, FreeBSD-Questions
Subject: Process List & Security??

Hi,

Can someone good on the security side look into these running processes? And see if there is a process that is dangerous / a security breach which a bad user has put?

Thanks

$ ps xa
  PID  TT  STAT       TIME COMMAND
    0  ??  WLs     0:00.00 [swapper]
    1  ??  ILs     0:00.00 /sbin/init --
    2  ??  DL      0:02.90 [g_event]
    3  ??  DL      0:02.87 [g_up]
    4  ??  DL      0:03.04 [g_down]
    5  ??  DL      0:00.00 [thread taskq]
    6  ??  DL      0:00.00 [acpi_task_0]
    7  ??  DL      0:00.00 [acpi_task_1]
    8  ??  DL      0:00.00 [acpi_task_2]
    9  ??  DL      0:00.00 [kqueue taskq]
   10  ??  RL   2775:10.56 [idle]
   11  ??  WL      0:59.34 [swi4: clock sio]
   12  ??  WL      0:00.00 [swi3: vm]
   13  ??  WL      0:00.10 [swi1: net]
   14  ??  DL      0:02.65 [yarrow]
   15  ??  WL      0:00.00 [swi5: +]
   16  ??  WL      0:00.00 [swi2: cambio]
   17  ??  WL      0:00.00 [swi6: task queue]
   18  ??  WL      0:00.00 [swi6: Giant taskq]
   19  ??  WL      0:00.00 [irq9: acpi0]
   20  ??  WL      0:00.22 [irq16: bce0 em0+]
   21  ??  WL      0:00.32 [irq78: mfi0]
   22  ??  WL      0:00.00 [irq17: em1]
   23  ??  WL      0:00.00 [irq21: uhci0 uhci+]
   24  ??  DL      0:00.01 [usb0]
   25  ??  DL      0:00.00 [usbtask]
   26  ??  WL      0:00.00 [irq20: uhci1]
   27  ??  DL      0:00.01 [usb1]
   28  ??  DL      0:00.01 [usb2]
   29  ??  DL      0:00.01 [usb3]
   30  ??  WL      0:00.00 [irq14: ata0]
   31  ??  WL      0:00.00 [irq15: ata1]
   32  ??  WL      0:00.00 [swi0: sio]
   33  ??  WL      0:00.00 [irq1: atkbd0]
   34  ??  DL      0:00.07 [pagedaemon]
   35  ??  DL      0:00.00 [vmdaemon]
   36  ??  DL      0:01.11 [pagezero]
   37  ??  DL      0:00.30 [bufdaemon]
   38  ??  DL      0:59.50 [syncer]
   39  ??  DL      0:00.29 [vnlru]
   40  ??  DL      0:00.43 [softdepflush]
   41  ??  DL      0:01.41 [schedcpu]
  151  ??  Is      0:00.00 adjkerntz -i
  644  ??  Is      0:00.00 /sbin/devd
  688  ??  Ss      0:00.14 /usr/sbin/syslogd -s
  761  ??  Ss      0:00.09 /usr/sbin/usbd
  809  ??  Is      0:00.06 /usr/sbin/sshd
  815  ??  Ss      0:00.90 sendmail: accepting connections (sendmail)
  819  ??  Is      0:00.02 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
  825  ??  Is      0:00.22 /usr/sbin/cron -s
 1007  ??  Ss      0:01.10 /usr/local/apache/bin/httpd
 1008  ??  I       0:00.00 /usr/local/apache/bin/httpd
 1009  ??  I       0:00.00 /usr/local/apache/bin/httpd
 1010  ??  I       0:00.00 /usr/local/apache/bin/httpd
 1011  ??  I       0:00.00 /usr/local/apache/bin/httpd
 1012  ??  I       0:00.00 /usr/local/apache/bin/httpd
 1037  ??  I       0:00.00 /usr/local/apache/bin/httpd
 7862  ??  Is      0:00.01 sshd: digill7b [priv] (sshd)
 7866  ??  S       0:00.01 sshd: digill7b@ttyp0 (sshd)
  866  v0  Is+     0:00.00 /usr/libexec/getty Pc ttyv0
  867  v1  Is+     0:00.00 /usr/libexec/getty Pc ttyv1
  868  v2  Is+     0:00.00 /usr/libexec/getty Pc ttyv2
  869  v3  Is+     0:00.00 /usr/libexec/getty Pc ttyv3
  870  v4  Is+     0:00.00 /usr/libexec/getty Pc ttyv4
  871  v5  Is+     0:00.00 /usr/libexec/getty Pc ttyv5
  872  v6  Is+     0:00.00 /usr/libexec/getty Pc ttyv6
  873  v7  Is+     0:00.00 /usr/libexec/getty Pc ttyv7
 7867  p0  Ss      0:00.00 -sh (sh)
 7928  p0  R+      0:00.00 ps xa
 1015  p2- I       0:00.00 /bin/sh /usr/local/mysql/bin/mysqld_safe
 1033  p2- S       0:11.97 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/var/db/mysql --user=mysql --pid-file=/var/db/mysql/localhost.maanjee.pid --port=33
$

--
Thanks!
BR / vj