Hiya, thanks for the replies, very useful and has given me some food for thought on a few things. Used rkhunter which is fine apart from one app out of date which I've now updated, chkrootkit its clear but chkproc gives a couple of processes not in readdir output, but they correspond to apps we are running when I check in /proc/pid/cmdline so think that sides looking ok (still checking a couple of bits though). The strange one was on the vmstat 5 suggestion, the r (waiting for runtime) column is pretty much 0, if the load is > 1 shouldn't that be mostly > 1 also, or am I misunderstanding the load definition? I.e currently load is 1.98 procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 624 34652 66608 1059564 0 0 1 9 0 0 3 1 96 0 0 0 624 34436 66608 1059564 0 0 0 39 1207 2534 1 1 97 0 0 0 624 34268 66608 1059564 0 0 0 42 1202 2412 1 1 98 0 0 0 624 34140 66608 1059564 0 0 0 33 1197 2427 1 1 98 0 0 0 624 34140 66608 1059564 0 0 0 0 1196 2427 1 1 98 0 0 0 624 34188 66608 1059632 0 0 0 37 1205 2545 2 1 97 0 1 0 624 34196 66608 1059632 0 0 0 0 1197 2392 1 1 98 0 0 0 624 34444 66608 1059632 0 0 0 33 1200 2430 1 1 98 0 0 0 624 34260 66608 1059632 0 0 0 0 1198 2441 1 1 98 0 0 0 624 34132 66608 1059632 0 0 0 37 1210 2592 1 1 97 0 0 0 624 34204 66608 1059632 0 0 0 34 1207 2502 1 1 98 0 0 0 624 34268 66608 1059632 0 0 0 33 1201 2433 1 1 98 0 Cheers, Ian On 6/21/06, Chris Mauritz <chrism at imntv.com> wrote: > > Ian mu wrote: > > Hiya, > > > > Currently running Centos 4.2 x86_64 dist on a dual 3G xeon, 2G ram, > > scsi setupand everythings been running fine on it for some time. Then > > at 4am last night something kicked in (have mrtg running monitoring > > when) and since then its been running a load of about 1.5 (normally > > around 0.4). CPU usage is Cpu(s): 1.1% us, 0.6% sy, 0.0% ni, 97.9% > > id, 0.2% wa, 0.1% hi, 0.1% si. > > > > Can't see any new processes that would cause the load, just wondering > > is there any way to try and track down whats actually causing this? > > It's not excessive load, but want to add some new services and wary > > now, its something that seems wrong given the sudden increase at 4am > > (think thats when some o.s housekeeping tasks are normally scheduled, > > but there's none running that I can see that started today). > > > > Just hoping someone may have some tips on checking whats always > > waiting or how to isolate whats happening. As said, ps -ef shows no > > new processes, and cpu usage is very low. > > > > Have you been up to date with patches? Have you tried running rkhunter > and chkrootkit to see if you've been burgled? One of the first things a > rootkit does is replace things like ps so it's processes become > "invisible." > > Cheers, > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20060621/3d2b84ae/attachment-0005.html>