Thanks everyone! Kelsey Hartigan Go wrote:
> ncsd -- I have a feeling the system has been hacked through > bind ...and ncsd corrupted. > > On 18 Jun 03 at 14:20, Rick Moen wrote: > > > Quoting Maria Aurora de la Vega ([EMAIL PROTECTED]): > > > > > > > Date: Tue, 18 Jun 2002 21:07:40 +0800 > > ^^^^ > > > > Would you like to buy some stock tips? > > > > > we need to take off a few processes from our server > > > we'd like to know what the following processes are for... > > > and if we really need them hanging around... > > > > > > bin 208 1 0 12:41 ? 00:00:00 /sbin/portmap > > > root 226 1 0 12:41 ? 00:00:00 /usr/sbin/syslogd > > > root 230 1 0 12:41 ? 00:00:00 /usr/sbin/klogd -c 1 > > > root 451 1 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 453 451 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 454 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 455 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 456 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 457 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 458 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 505 1 0 12:41 tty1 00:00:00 /sbin/mingetty --noclear > > > tty1 > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > root 508 1 0 12:41 tty4 00:00:00 /sbin/mingetty tty4 > > > root 509 1 0 12:41 tty5 00:00:00 /sbin/mingetty tty5 > > > root 510 1 0 12:41 tty6 00:00:00 /sbin/mingetty tty6 > > > root 558 511 0 12:50 ? 00:00:10 kwm > > > root 644 1 0 12:50 ? 00:00:00 kfm > > > root 647 1 0 12:50 ? 00:00:00 krootwm > > > root 653 1 0 12:50 ? 00:00:00 kbgndwm > > > root 654 1 0 12:50 ? 00:00:00 kpanel > > > > > > OK, here goes: > > > > "nscd" is the glibc nameservice caching daemon, used almost entirely in > > NIS-based networks to ease network performance problems on account of > > the nameservice overhead. Unless you're running a very > > performance-sapping network nameservice such as NIS, NIS+, or LDAP, you > > should turn this _off_. > > > > Even if you elect to leave it turned on, you should disable its caching > > of DNS information, because it has a habit of caching DNS data past its > > time-to-live expiration. > > > > "portmap" is the Sun Microsystems RPC portmapper, a network service used > > primarily as a transport for NIS and NFS on the server end (only). If > > your machine isn't functioning as an NFS or NIS server, then turn it > > off. > > > > "syslogd" and "klogd" are important system logging daemons. Leave them > > on. > > > > "mingetty" (minimum-sized get TTY service) is what provides you with > > your six virtual consoles, the ones you can switch among using > > Ctrl-Alt-F1, Ctrl-Alt-F2, etc. You probably don't need six, and can > > save some RAM by commenting out four of the lines in /etc/inittab, the > > ones that look like this: > > > > 1:2345:respawn:/sbin/getty 38400 tty1 > > 2:23:respawn:/sbin/getty 38400 tty2 > > 3:23:respawn:/sbin/getty 38400 tty3 > > 4:23:respawn:/sbin/getty 38400 tty4 > > 5:23:respawn:/sbin/getty 38400 tty5 > > 6:23:respawn:/sbin/getty 38400 tty6 > > > > Put a "#" character in front of the lines starting with 3 through 6. > > Next time you enter your default runlevel, you'll have only two copies > > of mingetty running. > > > > All those processes at the end of the list starting with "k" are KDE > > pieces. If I were you, I simply wouldn't run those or any X11 stuff on > > a server at all. Change your configuration (using YaST2 or whatever) to > > just not start up XFree86. That will save a whole lot of RAM. > > > > -- > > Cheers, First they came for the verbs, and I said nothing, for > > Rick Moen verbing weirds language. Then, they arrival for the nouns > > [EMAIL PROTECTED] and I speech nothing, for I no verbs. - Peter Ellis > > -- > > Philippine Linux Users' Group (PLUG) Mailing List > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > Official Website: http://plug.linux.org.ph > > Searchable Archives: http://marc.free.net.ph > > . > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > . > > Are you a Linux newbie? To join the newbie list, go to > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > > > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > . > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > . > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
