Hi Tom, > I have a process running on one of my Raq4's called CROND. Not to be > mistaken with crond. > > root 4180 0.0 0.1 1156 536 ? S 14:09 0:00 CROND > > I am unaware of what this process is. The latest chkrootkit shows no hacks. > Any ideas of what this might be?
It's normal if this process is a child of the almighty crond and if it has childs itself. See a small excerpt of a "ps axf" output below: 509 ? S 0:00 crond 3067 ? S 0:00 \_ CROND 3068 ? S 0:00 | \_ bash /usr/bin/run-parts /etc/cron.daily 10900 ? S 0:00 | | \_ sh /etc/cron.daily/webalizer.pl 10906 ? S 0:00 | | \_ perl /usr/bin/webalizer2.pl 17225 ? S 0:01 | | \_ webazolver -N15 -D What does it mean? "crond" forked the process shown here as CROND, which itself runs the stuff in /etc/cron.daily like webalizer and a few other processes not shown in the above excerpt. It's now 5:33 am over here and one of my servers is showing 5x CROND as it processes stuff from /etc/cron.daily like Webalizer, MRTG, Logcheck, SWAT and so on. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
