nscd -- I have a feeling the system has been hacked through bind ...and nscd corrupted.

On 18 Jun 03 at 14:20, Rick Moen wrote:

> Quoting Maria Aurora de la Vega ([EMAIL PROTECTED]):
>
> > Date: Tue, 18 Jun 2002 21:07:40 +0800
>                     ^^^^
>
> Would you like to buy some stock tips?
>
> > we need to take off a few processes from our server
> > we'd like to know what the following processes are for...
> > and if we really need them hanging around...
> >
> > bin    208   1  0 12:41 ?     00:00:00 /sbin/portmap
> > root   226   1  0 12:41 ?     00:00:00 /usr/sbin/syslogd
> > root   230   1  0 12:41 ?     00:00:00 /usr/sbin/klogd -c 1
> > root   451   1  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   453 451  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   454 453  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   455 453  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   456 453  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   457 453  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   458 453  0 12:41 ?     00:00:00 /usr/sbin/nscd
> > root   505   1  0 12:41 tty1  00:00:00 /sbin/mingetty --noclear tty1
> > root   506   1  0 12:41 tty2  00:00:00 /sbin/mingetty tty2
> > root   507   1  0 12:41 tty3  00:00:00 /sbin/mingetty tty3
> > root   506   1  0 12:41 tty2  00:00:00 /sbin/mingetty tty2
> > root   507   1  0 12:41 tty3  00:00:00 /sbin/mingetty tty3
> > root   508   1  0 12:41 tty4  00:00:00 /sbin/mingetty tty4
> > root   509   1  0 12:41 tty5  00:00:00 /sbin/mingetty tty5
> > root   510   1  0 12:41 tty6  00:00:00 /sbin/mingetty tty6
> > root   558 511  0 12:50 ?     00:00:10 kwm
> > root   644   1  0 12:50 ?     00:00:00 kfm
> > root   647   1  0 12:50 ?     00:00:00 krootwm
> > root   653   1  0 12:50 ?     00:00:00 kbgndwm
> > root   654   1  0 12:50 ?     00:00:00 kpanel
>
> OK, here goes:
>
> "nscd" is the glibc nameservice caching daemon, used almost entirely in
> NIS-based networks to ease network performance problems on account of
> the nameservice overhead.  Unless you're running a very
> performance-sapping network nameservice such as NIS, NIS+, or LDAP, you
> should turn this _off_.
>
> Even if you elect to leave it turned on, you should disable its caching
> of DNS information, because it has a habit of caching DNS data past its
> time-to-live expiration.
>
> "portmap" is the Sun Microsystems RPC portmapper, a network service used
> primarily as a transport for NIS and NFS on the server end (only).  If
> your machine isn't functioning as an NFS or NIS server, then turn it
> off.
>
> "syslogd" and "klogd" are important system logging daemons.  Leave them
> on.
>
> "mingetty" (minimum-sized get TTY service) is what provides you with
> your six virtual consoles, the ones you can switch among using
> Ctrl-Alt-F1, Ctrl-Alt-F2, etc.  You probably don't need six, and can
> save some RAM by commenting out four of the lines in /etc/inittab, the
> ones that look like this:
>
> 1:2345:respawn:/sbin/getty 38400 tty1
> 2:23:respawn:/sbin/getty 38400 tty2
> 3:23:respawn:/sbin/getty 38400 tty3
> 4:23:respawn:/sbin/getty 38400 tty4
> 5:23:respawn:/sbin/getty 38400 tty5
> 6:23:respawn:/sbin/getty 38400 tty6
>
> Put a "#" character in front of the lines starting with 3 through 6.
> Next time you enter your default runlevel, you'll have only two copies
> of mingetty running.
>
> All those processes at the end of the list starting with "k" are KDE
> pieces.  If I were you, I simply wouldn't run those or any X11 stuff on
> a server at all.  Change your configuration (using YaST2 or whatever) to
> just not start up XFree86.  That will save a whole lot of RAM.
>
> --
> Cheers,             First they came for the verbs, and I said nothing, for
> Rick Moen           verbing weirds language.  Then, they arrival for the nouns
> [EMAIL PROTECTED]   and I speech nothing, for I no verbs.  - Peter Ellis
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
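
The two configuration edits described in the quoted reply (commenting out the getty lines with ids 3 through 6, and turning off nscd's caching of host lookups), as an added example that is not part of the original thread. It works on constructed sample files in a temporary directory; the function names and the sample nscd.conf contents are assumptions, and `enable-cache hosts no` is the standard nscd.conf directive for disabling the hosts cache.

```shell
#!/bin/sh
# Added example: operates on constructed sample files, not a live system.

# Comment out respawning getty entries whose inittab id is 3-6.
trim_gettys() {
    sed -E 's/^([3-6]:[^:]*:respawn:.*getty.*)$/#\1/' "$1"
}

# Force "enable-cache hosts no", replacing any existing hosts setting
# and appending the directive if the file had none.
disable_hosts_cache() {
    awk '
        $1 == "enable-cache" && $2 == "hosts" {
            print "enable-cache hosts no"; seen = 1; next
        }
        { print }
        END { if (!seen) print "enable-cache hosts no" }
    ' "$1"
}

# Post-change check: number of uncommented respawning getty lines.
active_gettys() {
    grep -Ec '^[^#:]+:[^:]*:respawn:.*getty' "$1"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample inittab, using the six lines quoted in the reply.
cat > "$WORK/inittab" <<'EOF'
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
EOF

# Constructed sample nscd.conf (assumed contents).
cat > "$WORK/nscd.conf" <<'EOF'
enable-cache passwd yes
enable-cache hosts yes
positive-time-to-live hosts 3600
EOF

trim_gettys "$WORK/inittab" > "$WORK/inittab.new"
disable_hosts_cache "$WORK/nscd.conf" > "$WORK/nscd.conf.new"

echo "active gettys after edit: $(active_gettys "$WORK/inittab.new")"
grep hosts "$WORK/nscd.conf.new"
```

On a real system, review the generated files before copying them over /etc/inittab and /etc/nscd.conf, then have init re-read its table and restart nscd.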
