On Fri, Feb 12, 2010 at 09:52:37AM -0800, John Jason Jordan wrote: > The only question is, how did top get started by root in the first > place?
The following is not likely, but worth doing every so often. Don't panic, but ... Perhaps you should try checking for a rootkit. There might be a rootkit program masquerading as top - that is one of the programs that the rootkits replace to perform their nefarious deeds. A recent download of chkrootkit will do it. Others might know better than I, but there are probably live CDs that have chkrootkit and other security tools on them. A CD is rather difficult for the bad guys to scribble on. The problem with some of these tools is that they are sometimes not Logical Volume Management aware. RHEL installs with LVM unless you tell it not to. The same may be true of the Fedora you are running. Perhaps this is obsolete information. In any case, it is Really Handy to be able to use a security-oriented CD to look at your file system while it is inactive and frozen. Even if this does not relate to your current problem, it is good to know how to look. Keith -- Keith Lofstrom [email protected] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
