Tracking down what's causing a high load?
- From: "Jim Perrin" <jperrin (at) gmail.com>
- Date: Wed, 21 Jun 2006 09:00:10 -0400
On 6/21/06, Ian mu <mu.llamas (at) gmail.com> wrote:
> Used rkhunter which is fine apart from one app out of date which I've now
> updated, chkrootkit it's clear but chkproc gives a couple of processes not in
> readdir output, but they correspond to apps we are running when I check in
> /proc/pid/cmdline so think that side's looking ok (still checking a couple of
> bits though).

Keep in mind that tools like this should be run from trusted media and
not from the suspected machine. This ensures that there is no
kernel-space nastiness intercepting calls and feeding you bad
information, as well as the fact that you're working from known good
binaries. The CentOS live CD would be good for this, as well as
Knoppix or others. It may be traitorous to say this, but there's a
Knoppix-based distro out there for forensic/data-recovery use with
rootkit hunting tools on it. I generally keep a copy of it lying
around, although the name escapes me at present.
--
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA
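
The chkproc comparison discussed in this thread, as an added example (not part of either message and not chkrootkit's own code): it reports PIDs that resolve under /proc/<pid> but are absent from the directory listing, and labels thread IDs, which Linux does not list there and which explain hits that map to known applications. Function names are illustrative and a Linux /proc layout is assumed; the trusted-media advice above applies to this script as well.

```python
# Added example: chkproc-style cross-check of /proc (function names are illustrative).
import os

def listed_pids(proc="/proc"):
    """PIDs returned when the directory is enumerated (the readdir view)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def status_field(pid, field, proc="/proc"):
    """One field of <proc>/<pid>/status, or None if the entry cannot be opened."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                if key == field:
                    return value.strip()
    except OSError:
        pass
    return None

def cmdline(pid, proc="/proc"):
    """Command line of a PID with NUL separators turned into spaces."""
    try:
        with open(os.path.join(proc, str(pid), "cmdline"), "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return ""

def unlisted(listed, max_pid, proc="/proc"):
    """Classify PIDs that answer a direct lookup but are missing from `listed`."""
    findings = []
    for pid in range(1, max_pid + 1):
        if pid in listed:
            continue
        tgid = status_field(pid, "Tgid", proc)
        if tgid is None:
            continue  # nothing answers at this PID
        # Linux omits non-leader threads from the listing, yet /proc/<tid> resolves.
        is_thread = tgid.isdigit() and int(tgid) != pid and int(tgid) in listed
        findings.append((pid, "thread" if is_thread else "unlisted", cmdline(pid, proc)))
    return findings

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    hits = unlisted(listed_pids(), limit)
    relisted = listed_pids()  # drop processes that merely started during the scan
    for pid, kind, cmd in hits:
        if pid not in relisted:
            print(f"{pid}\t{kind}\t{cmd}")
```

Lines marked "thread" belong to a process that is itself listed; lines marked "unlisted" are the ones to investigate from known-good media.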