the issue occurs even on a live cd so the machine's software load isn't suspect. It's the nics. Lorenzo Martínez Rodríguez wrote: > William Warren escribió: >> post it on the centos bug tracker to start..:) >> >> listmail wrote: >>> On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote >>>> Stephen John Smoogen wrote: >>>>> On Sat, Jul 19, 2008 at 2:48 PM, listmail <listmail at entertech.com> >>>>> wrote: >>>>> >>>>>> I am running CentOS 5 on a dual-dual-core Intel machine, and I am >>>>>> seeing >>>>>> a load average of between 0.35 and 0.50 while the machine is idle, >>>>>> i.e. >>>>>> no processes appear to be running. >>>>> Download the livecd and boot using it. See if the load average still >>>>> occurs. Check to see if you have any traffic occuring on the network >>>>> from the system. [I had a box that was kernel trojaned that had a load >>>>> average all the time when it was on the wire and did not when it >>>>> didn't. The kernel trojan was looking for a particular bit of traffic >>>>> that would open up its backdoor to.] >>>>> >>>> its been ages since i've had to do this, but in years past, rkhunter >>>> was really good at finding rootkits like this. worst case, you put >>>> it on alive CD and run it from there. >>>> >>> OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate >>> load from the GUI, I forced the system into runlevel 3 and ran top. >>> I see the same problem; the load average sits at about 0.40 >>> continuously. >>> This is with the ethernet drivers running, and it does not matter if the >>> network cables are plugged in or not. >>> >>> In my mind, that pretty much eliminates the possibility of a rootkit, >>> unless >>> one was delivered with the Live CD. :-) So it looks like this is a bug >>> in either the Intel GLAN driver, or some other kernel timing issue. >>> If anyone >>> can suggest where this bug should be reported and is likely to be >>> addressed, >>> please let me know. I don't know myself who would be the correct >>> party to >>> notify. >>> >>> Thanks to everyone who responded and helped me track this one down. >>> I'm not >>> sure if should roll back to CentOS 5.0, or just try to live with this >>> bug >>> until the maintainers address it, but at least I have some idea of >>> what's >>> wrong. >>> >>> Thanks, >>> --Bill >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >> > Hello, > > to try to find out if you have hidden processes I suggest you to try > this: http://www.security-projects.com/?Unhide > > I have cronned it every night in my server. > > It works really good. rkhunter is very good tool too. > > Try both and let us know. > > Another issue: What is the proposal of the machine? is it a web server? > mail server? dns server? Check that /etc/resolv.conf has the right > information and check the routes to get access to different nerworks > too. If machine processor is idle, but the machine load is high, it > could be because the processes queue is very big, but the machine > processors could not be so overloaded. > > > Regards, > -- Registered Microsoft Partner My "Foundation" verse: Isa 54:17