Am 28.03.2014 um 15:30 schrieb Matt Garman matthew.garman@gmail.com:
On Fri, Mar 28, 2014 at 9:01 AM, Mr Queue lists@mrqueue.com wrote:
On Thu, 27 Mar 2014 17:20:22 -0500 Matt Garman matthew.garman@gmail.com wrote:
Anyone seen anything like this? Any thoughts or ideas?
Post some data.. This public facing? Are you getting sprayed down by packets? Array? Soft/hard? Someone have screens laying around? Write a trap to catch a process list when the loads spike? Look at crontab(s)? User accounts? Malicious shells? Any guest containers around? Possibilities are sort of endless here.
Not public facing (no Internet access at all). Linux software RAID-1. No screen or tmux data. No guest access of any kind. In fact, only three logged in users.
I've reviewed crontabs (there are only a couple), and I don't see anything out of the ordinary. Malicious shells or programs: possibly, but I think that is highly unlikely... if someone were going to do something malicious, *this* particular server is not the one to target.
- update the os (current is far from 5.7)
- partition alignment?
- "heuristic/try and error"-approach: disable all crontabs and check the behavior - any load?
-- LF