[CentOS] Tracking down what's causing a high load?

Jim Perrin jperrin at gmail.com
Wed Jun 21 13:00:10 UTC 2006


On 6/21/06, Ian mu <mu.llamas at gmail.com> wrote:
> Used rkhunter which is fine apart from one app out of date which I've now
> updated; chkrootkit, it's clear, but chkproc gives a couple of processes not in
> readdir output, but they correspond to apps we are running when I check in
> /proc/pid/cmdline so think that side's looking ok (still checking a couple of
> bits though).
>


Keep in mind that tools like this should be run from trusted media and
not from the suspected machine. This ensures that there is no
kernel-space nastiness intercepting calls and feeding you bad
information, as well as the fact that you're working from known good
binaries. The CentOS live CD would be good for this, as well as
Knoppix or others. It may be traitorous to say this, but there's a
Knoppix-based distro out there for forensic/data-recovery use with
rootkit hunting tools on it. I generally keep a copy of it lying
around, although the name escapes me at present.

-- 
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA
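The chkproc check Ian describes, and the false positive he hit (PIDs "not in readdir output" that turn out to be running apps), is easy to see with a small script. The following is an added example written for this thread, not chkrootkit's own code: it compares the PIDs that readdir(3) on /proc lists against the PIDs the kernel admits to via kill(pid, 0), and then reads Tgid from /proc/<pid>/status to separate threads (which /proc never lists, but kill() still answers for) from genuinely hidden processes. It assumes a Linux /proc layout; the SAMPLE_* dictionaries are constructed views used when /proc is unavailable, not data from any real host.

```python
"""
chkproc-style hidden process check (added example, not chkrootkit's code).

A rootkit that hides a process from readdir(3) on /proc usually still lets
the kernel answer kill(pid, 0) and direct opens of /proc/<pid>/status, so
comparing the two views exposes PIDs that exist but are not listed.
Caveat from the thread: on Linux kill() also succeeds for thread IDs, which
/proc never lists, so candidates are filtered by their Tgid.
"""
import os
from typing import Callable, Dict, Iterable, Optional, Set


def pids_from_readdir(proc_dir: str = "/proc") -> Set[int]:
    """PIDs visible through readdir(3): numeric entry names only."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def pid_exists(pid: int) -> bool:
    """Probe with kill(pid, 0). EPERM still means the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def tgid_of(pid: int, proc_dir: str = "/proc") -> Optional[int]:
    """Thread-group id from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"{proc_dir}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        return None
    return None


def find_hidden_pids(visible: Iterable[int],
                     exists: Callable[[int], bool],
                     tgid: Callable[[int], Optional[int]],
                     max_pid: int) -> Dict[str, Set[int]]:
    """PIDs that exist but are absent from `visible`, split into
    'threads' (Tgid is a listed process: benign) and 'hidden'."""
    listed = set(visible)
    result: Dict[str, Set[int]] = {"hidden": set(), "threads": set()}
    for pid in range(1, max_pid + 1):
        if pid in listed or not exists(pid):
            continue
        group = tgid(pid)
        if group is not None and group != pid and group in listed:
            result["threads"].add(pid)
        else:
            # Unreadable status or a thread group not in readdir: report it.
            result["hidden"].add(pid)
    return result


def read_pid_max(path: str = "/proc/sys/kernel/pid_max",
                 default: int = 32768) -> int:
    """Upper bound for the PID sweep; falls back to the classic default."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return default


# Constructed sample views (not from a real system): 101 is a thread of the
# listed process 100, while 300 exists but is missing from readdir.
SAMPLE_VISIBLE = {1, 100, 200}
SAMPLE_EXISTING = {1, 100, 101, 200, 300}
SAMPLE_TGID = {1: 1, 100: 100, 101: 100, 200: 200, 300: 300}


def sample_scan() -> Dict[str, Set[int]]:
    """Run the comparison over the constructed sample instead of live /proc."""
    return find_hidden_pids(SAMPLE_VISIBLE, SAMPLE_EXISTING.__contains__,
                            SAMPLE_TGID.get, max_pid=400)


if __name__ == "__main__":
    if os.path.isdir("/proc"):
        report = find_hidden_pids(pids_from_readdir(), pid_exists,
                                  tgid_of, read_pid_max())
    else:
        report = sample_scan()
    print("hidden:", sorted(report["hidden"]))
    print("threads (benign):", sorted(report["threads"]))
```

As Jim's reply points out, the result is only as trustworthy as the kernel answering the probes: a kernel-space rootkit can lie to kill() and to open() just as easily as to readdir(), so a clean report from the suspect machine is weaker evidence than the same check run after booting trusted media. The sweep issues one kill() per PID up to pid_max, so on hosts with a large pid_max it takes a few seconds.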
