Am 28.03.2014 um 15:30 schrieb Matt Garman <matthew.garman at gmail.com>: > On Fri, Mar 28, 2014 at 9:01 AM, Mr Queue <lists at mrqueue.com> wrote: > >> On Thu, 27 Mar 2014 17:20:22 -0500 >> Matt Garman <matthew.garman at gmail.com> wrote: >> >>> Anyone seen anything like this? Any thoughts or ideas? >> >> Post some data.. This public facing? Are you getting sprayed down by >> packets? Array? Soft/hard? Someone have screens >> laying around? Write a trap to catch a process list when the loads spike? >> Look at crontab(s)? User accounts? Malicious >> shells? Any guest containers around? Possibilities are sort of endless >> here. >> > > > Not public facing (no Internet access at all). Linux software RAID-1. No > screen or tmux data. No guest access of any kind. In fact, only three > logged in users. > > I've reviewed crontabs (there are only a couple), and I don't see anything > out of the ordinary. Malicious shells or programs: possibly, but I think > that is highly unlikely... if someone were going to do something malicious, > *this* particular server is not the one to target. - update the os (current is far from 5.7) - partition alignment? - "heuristic/try and error"-approach: disable all crontabs and check the behavior - any load? -- LF