-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VeeJay wrote:
> Hi
> 
> Can some good one at security side look into these running process? And see
> if there is a Process some is dangerous/ security breach which a Bad User
> has put? Thanks
> 
> $ ps xa
>  PID  TT  STAT      TIME COMMAND
>    0  ??  WLs    0:00.00 [swapper]
>    1  ??  ILs    0:00.00 /sbin/init --
>    2  ??  DL     0:02.90 [g_event]
>    3  ??  DL     0:02.87 [g_up]
>    4  ??  DL     0:03.04 [g_down]
>    5  ??  DL     0:00.00 [thread taskq]
>    6  ??  DL     0:00.00 [acpi_task_0]
>    7  ??  DL     0:00.00 [acpi_task_1]
>    8  ??  DL     0:00.00 [acpi_task_2]
>    9  ??  DL     0:00.00 [kqueue taskq]
>   10  ??  RL   2775:10.56 [idle]
>   11  ??  WL     0:59.34 [swi4: clock sio]
>   12  ??  WL     0:00.00 [swi3: vm]
>   13  ??  WL     0:00.10 [swi1: net]
>   14  ??  DL     0:02.65 [yarrow]
>   15  ??  WL     0:00.00 [swi5: +]
>   16  ??  WL     0:00.00 [swi2: cambio]
>   17  ??  WL     0:00.00 [swi6: task queue]
>   18  ??  WL     0:00.00 [swi6: Giant taskq]
>   19  ??  WL     0:00.00 [irq9: acpi0]
>   20  ??  WL     0:00.22 [irq16: bce0 em0+]
>   21  ??  WL     0:00.32 [irq78: mfi0]
>   22  ??  WL     0:00.00 [irq17: em1]
>   23  ??  WL     0:00.00 [irq21: uhci0 uhci+]
>   24  ??  DL     0:00.01 [usb0]
>   25  ??  DL     0:00.00 [usbtask]
>   26  ??  WL     0:00.00 [irq20: uhci1]
>   27  ??  DL     0:00.01 [usb1]
>   28  ??  DL     0:00.01 [usb2]
>   29  ??  DL     0:00.01 [usb3]
>   30  ??  WL     0:00.00 [irq14: ata0]
>   31  ??  WL     0:00.00 [irq15: ata1]
>   32  ??  WL     0:00.00 [swi0: sio]
>   33  ??  WL     0:00.00 [irq1: atkbd0]
>   34  ??  DL     0:00.07 [pagedaemon]
>   35  ??  DL     0:00.00 [vmdaemon]
>   36  ??  DL     0:01.11 [pagezero]
>   37  ??  DL     0:00.30 [bufdaemon]
>   38  ??  DL     0:59.50 [syncer]
>   39  ??  DL     0:00.29 [vnlru]
>   40  ??  DL     0:00.43 [softdepflush]
>   41  ??  DL     0:01.41 [schedcpu]
>  151  ??  Is     0:00.00 adjkerntz -i
>  644  ??  Is     0:00.00 /sbin/devd
>  688  ??  Ss     0:00.14 /usr/sbin/syslogd -s
>  761  ??  Ss     0:00.09 /usr/sbin/usbd
>  809  ??  Is     0:00.06 /usr/sbin/sshd
>  815  ??  Ss     0:00.90 sendmail: accepting connections (sendmail)
>  819  ??  Is     0:00.02 sendmail: Queue [EMAIL PROTECTED]:30:00 for
> /var/spool/clientmqueue (sendmail)
>  825  ??  Is     0:00.22 /usr/sbin/cron -s
> 1007  ??  Ss     0:01.10 /usr/local/apache/bin/httpd
> 1008  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1009  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1010  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1011  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1012  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 1037  ??  I      0:00.00 /usr/local/apache/bin/httpd
> 7862  ??  Is     0:00.01 sshd: digill7b [priv] (sshd)
> 7866  ??  S      0:00.01 sshd: [EMAIL PROTECTED] (sshd)
>  866  v0  Is+    0:00.00 /usr/libexec/getty Pc ttyv0
>  867  v1  Is+    0:00.00 /usr/libexec/getty Pc ttyv1
>  868  v2  Is+    0:00.00 /usr/libexec/getty Pc ttyv2
>  869  v3  Is+    0:00.00 /usr/libexec/getty Pc ttyv3
>  870  v4  Is+    0:00.00 /usr/libexec/getty Pc ttyv4
>  871  v5  Is+    0:00.00 /usr/libexec/getty Pc ttyv5
>  872  v6  Is+    0:00.00 /usr/libexec/getty Pc ttyv6
>  873  v7  Is+    0:00.00 /usr/libexec/getty Pc ttyv7
> 7867  p0  Ss     0:00.00 -sh (sh)
> 7928  p0  R+     0:00.00 ps xa
> 1015  p2- I      0:00.00 /bin/sh /usr/local/mysql/bin/mysqld_safe
> 1033  p2- S      0:11.97 /usr/local/mysql/libexec/mysqld
> --basedir=/usr/local/mysql --datadir=/var/db/mysql --user=mysql
> --pid-file=/var/db/mysql/localhost.maanjee.pid --port=33

Nothing out of the ordinary. Just make sure you have sendmail setup
properly so people can't send mail from the box without authentication
and effectively spam hordes of people. See saslauth about that in the
handbook.

- -Garrett

PS We (the list subscribers) aren't your sysadmins, and you should know
what these processes are if you're administering the box :)... manpages
reveal what you need to know about each process and Google searches
_may_ reveal further information..
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFpOiPEnKyINQw/HARAlzwAJ4jmga5IPQ3NqjfGQlG9LHk9Aor/gCgpFBJ
iGaBODnu6KBcXDhZp96H2Bw=
=5Mgs
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to