[CentOS] Load Average ~0.40 when idle

Mon Jul 21 08:23:01 UTC 2008
Lorenzo Martínez Rodríguez <Lawwait at yahoo.es>

William Warren wrote:
> post it on the centos bug tracker to start..:)
>
> listmail wrote:
>> On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote
>>> Stephen John Smoogen wrote:
>>>> On Sat, Jul 19, 2008 at 2:48 PM, listmail <listmail at entertech.com> wrote:
>>>>
>>>>> I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing
>>>>> a load average of between 0.35 and 0.50 while the machine is idle, i.e.
>>>>> no processes appear to be running.
>>>> Download the livecd and boot using it. See if the load average still
>>>> occurs. Check to see if you have any traffic occurring on the network
>>>> from the system. [I had a box that was kernel trojaned that had a load
>>>> average all the time when it was on the wire and did not when it
>>>> didn't. The kernel trojan was looking for a particular bit of traffic
>>>> that would open up its backdoor to.]
>>>>
>>> It's been ages since I've had to do this, but in years past, rkhunter
>>> was really good at finding rootkits like this. Worst case, you put
>>> it on a live CD and run it from there.
>>>
>> OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
>> load from the GUI, I forced the system into runlevel 3 and ran top.
>> I see the same problem; the load average sits at about 0.40 continuously.
>> This is with the ethernet drivers running, and it does not matter if the
>> network cables are plugged in or not.
>>
>> In my mind, that pretty much eliminates the possibility of a rootkit, unless
>> one was delivered with the Live CD. :-)  So it looks like this is a bug
>> in either the Intel GLAN driver, or some other kernel timing issue. If anyone
>> can suggest where this bug should be reported and is likely to be addressed,
>> please let me know. I don't know myself who would be the correct party to
>> notify.
>>
>> Thanks to everyone who responded and helped me track this one down. I'm not
>> sure if I should roll back to CentOS 5.0, or just try to live with this bug
>> until the maintainers address it, but at least I have some idea of what's
>> wrong.
>>
>> Thanks,
>> --Bill
>>
>
Hello,

To try to find out if you have hidden processes, I suggest you try
this: http://www.security-projects.com/?Unhide

I have cronned it every night on my server.

It works really well. rkhunter is a very good tool too.

Try both and let us know.

Another issue: What is the purpose of the machine? Is it a web server?
Mail server? DNS server? Check that /etc/resolv.conf has the right
information and check the routes to get access to different networks
too. If the machine's processor is idle but the machine load is high, it
could be because the process queue is very big, while the machine's
processors might not be so overloaded.


Regards,

-- 



Lorenzo Martínez Rodríguez
IT security consultant
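
An added example, not part of the original message and not code from the tools named in it: on Linux the load average counts tasks in uninterruptible sleep (state D) as well as runnable ones (state R), so listing R and D tasks from /proc shows what feeds a nonzero load while the CPUs are idle. The PID comparison is a simplified /proc-versus-ps cross-check of the kind hidden-process detectors perform; the sample lines and all function names are constructed for illustration.

```python
import glob

# Constructed sample /proc/<pid>/stat lines (leading fields only), not from the thread.
SAMPLE_STAT = [
    "1 (init) S 0 1 1 0",
    "312 (kjournald) D 2 0 0 0",
    "2088 (my (odd) name) R 1 2088 2088 0",
    "2140 (sshd) S 1 2140 2140 0",
]

def parse_stat(line):
    """Return (pid, comm, state); comm may itself contain spaces or parentheses."""
    lpar, rpar = line.index("("), line.rindex(")")
    return int(line[:lpar]), line[lpar + 1:rpar], line[rpar + 1:].split()[0]

def load_contributors(stat_lines):
    """Tasks counted toward the load average: runnable (R) or uninterruptible sleep (D)."""
    tasks = [parse_stat(line) for line in stat_lines]
    return [t for t in tasks if t[2] in ("R", "D")]

def unlisted_pids(proc_pids, ps_pids):
    """PIDs seen in /proc but missing from ps output.
    Short-lived processes can appear here by timing alone, so re-check before concluding."""
    return sorted(set(proc_pids) - set(ps_pids))

def read_live_stat():
    """Read every /proc/<pid>/stat on the running system (empty list if /proc is absent)."""
    lines = []
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path) as fh:
                lines.append(fh.read())
        except OSError:  # process exited between glob and open
            pass
    return lines

if __name__ == "__main__":
    # Fall back to the constructed sample when no /proc is available.
    lines = read_live_stat() or SAMPLE_STAT
    for pid, comm, state in load_contributors(lines):
        print(f"{pid:>7} {state} {comm}")
```

Kernel threads that sit in state D (for example, waiting inside a driver) show up in this list even though top reports the CPUs as idle.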