Hiya, thanks for the replies, very useful and has given me some food for thought on a few things.
Used rkhunter which is fine apart from one app out of date which I've now updated, chkrootkit its clear but chkproc gives a couple of processes not in readdir output, but they correspond to apps we are running when I check in /proc/pid/cmdline so think that sides looking ok (still checking a couple of bits though).
The strange one was on the vmstat 5 suggestion, the r (waiting for runtime) column is pretty much 0, if the load is > 1 shouldn't that be mostly > 1 also, or am I misunderstanding the load definition?
I.e currently load is 1.98
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 624 34652 66608 1059564 0 0 1 9 0 0 3 1 96 0 0 0 624 34436 66608 1059564 0 0 0 39 1207 2534 1 1 97 0 0 0 624 34268 66608 1059564 0 0 0 42 1202 2412 1 1 98 0 0 0 624 34140 66608 1059564 0 0 0 33 1197 2427 1 1 98 0 0 0 624 34140 66608 1059564 0 0 0 0 1196 2427 1 1 98 0 0 0 624 34188 66608 1059632 0 0 0 37 1205 2545 2 1 97 0 1 0 624 34196 66608 1059632 0 0 0 0 1197 2392 1 1 98 0 0 0 624 34444 66608 1059632 0 0 0 33 1200 2430 1 1 98 0 0 0 624 34260 66608 1059632 0 0 0 0 1198 2441 1 1 98 0 0 0 624 34132 66608 1059632 0 0 0 37 1210 2592 1 1 97 0 0 0 624 34204 66608 1059632 0 0 0 34 1207 2502 1 1 98 0 0 0 624 34268 66608 1059632 0 0 0 33 1201 2433 1 1 98 0
Cheers, Ian
On 6/21/06, Chris Mauritz chrism@imntv.com wrote:
Ian mu wrote:
Hiya,
Currently running Centos 4.2 x86_64 dist on a dual 3G xeon, 2G ram, scsi setupand everythings been running fine on it for some time. Then at 4am last night something kicked in (have mrtg running monitoring when) and since then its been running a load of about 1.5 (normally around 0.4). CPU usage is Cpu(s): 1.1% us, 0.6% sy, 0.0% ni, 97.9% id, 0.2% wa, 0.1% hi, 0.1% si.
Can't see any new processes that would cause the load, just wondering is there any way to try and track down whats actually causing this? It's not excessive load, but want to add some new services and wary now, its something that seems wrong given the sudden increase at 4am (think thats when some o.s housekeeping tasks are normally scheduled, but there's none running that I can see that started today).
Just hoping someone may have some tips on checking whats always waiting or how to isolate whats happening. As said, ps -ef shows no new processes, and cpu usage is very low.
Have you been up to date with patches? Have you tried running rkhunter and chkrootkit to see if you've been burgled? One of the first things a rootkit does is replace things like ps so it's processes become "invisible."
Cheers,
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos