Backuppc processes
Post Backuppc processes 
I happened to be looking through the output of `ps aux' on my backuppc
machine and this was there:

backuppc 23584 0.0 1.4 26860 14648 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23585 0.0 1.4 26872 14672 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23586 0.0 1.4 26884 14692 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23587 0.0 1.4 26860 14652 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23588 0.0 1.4 26872 14656 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23589 0.0 1.4 26980 14708 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23590 0.0 1.4 26884 14704 ? S Aug06 0:00 /usr/sbin/-e
backuppc 23591 0.0 1.4 26996 14772 ? S Aug06 0:00 /usr/sbin/-e

anyone have any ideas what they are? I stopped the backuppc service
and they were still there.

note that there is no file /usr/sbin/-e that I can find...

--
Justin Guenther
IT Analyst
CrownAg International Inc.
250 Henderson Drive
Regina, SK, Canada S4N 5P7
Tel: (306) 522-8111
Email: justin.guenther < at > crownag.ca


-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Post Backuppc processes 
Justin Guenther writes:

> I happened to be looking through the output of `ps aux' on my backuppc
> machine and this was there:
>
> backuppc 23584 0.0 1.4 26860 14648 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23585 0.0 1.4 26872 14672 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23586 0.0 1.4 26884 14692 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23587 0.0 1.4 26860 14652 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23588 0.0 1.4 26872 14656 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23589 0.0 1.4 26980 14708 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23590 0.0 1.4 26884 14704 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23591 0.0 1.4 26996 14772 ? S Aug06 0:00 /usr/sbin/-e
>
> anyone have any ideas what they are? I stopped the backuppc service
> and they were still there.
>
> note that there is no file /usr/sbin/-e that I can find...

Don't know what these are. What output do you get from "ps auxww"?
Some programs like csh or ssh modify ARGV[0].

Craig



Post Backuppc processes 
On 08/07 02:19 , Justin Guenther wrote:
> I happened to be looking through the output of `ps aux' on my backuppc
> machine and this was there:
>
> backuppc 23584 0.0 1.4 26860 14648 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23585 0.0 1.4 26872 14672 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23586 0.0 1.4 26884 14692 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23587 0.0 1.4 26860 14652 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23588 0.0 1.4 26872 14656 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23589 0.0 1.4 26980 14708 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23590 0.0 1.4 26884 14704 ? S Aug06 0:00 /usr/sbin/-e
> backuppc 23591 0.0 1.4 26996 14772 ? S Aug06 0:00 /usr/sbin/-e
>
> anyone have any ideas what they are? I stopped the backuppc service
> and they were still there.
>
> note that there is no file /usr/sbin/-e that I can find...

cat /proc/<pid>/cmdline

and it will display the full line that the program was invoked with. looks
like lines are getting cut off in your ps list above.

so 'cat /proc/23584/cmdline' for instance.

if it does turn out that there is a program running which appears to be
named '-e'; I'd suspect a system compromise. download and run chkrootkit,
among other things.
(http://www.chkrootkit.org/)

--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com
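
Added example (not part of the original thread): a small shell helper that does the check suggested above for several PIDs at once, comparing the argv a process reports in /proc/<pid>/cmdline (which the process can rewrite) with the binary the kernel recorded in /proc/<pid>/exe. The function names and the optional second argument (an alternate proc root) are assumptions made for this example; a mismatch is a lead to follow up, since some programs legitimately modify argv[0].

```shell
#!/bin/sh
# Added example, not from the thread. Compares what a process says it is
# (argv, which the process can rewrite) with what the kernel recorded (exe).
# The optional second argument (proc root) is an assumption made so the
# functions can be pointed at a copy or a test fixture; it defaults to /proc.

# argv_of PID [ROOT]: full argv; cmdline is NUL-separated, shown with spaces.
argv_of() {
    { tr '\0' ' ' < "${2:-/proc}/$1/cmdline"; } 2>/dev/null || true
}

# argv0_of PID [ROOT]: only the first NUL-terminated string.
argv0_of() {
    { tr '\0' '\n' < "${2:-/proc}/$1/cmdline" | head -n 1; } 2>/dev/null
}

# exe_of PID [ROOT]: path of the binary actually executing.
exe_of() {
    readlink "${2:-/proc}/$1/exe" 2>/dev/null || true
}

# verdict PID [ROOT]: ok | argv0-mismatch | exe-deleted | unreadable
verdict() {
    exe=$(exe_of "$1" "$2")
    argv0=$(argv0_of "$1" "$2")
    if [ -z "$exe" ]; then
        echo unreadable          # kernel thread, exited, or not enough privilege
    elif [ "${exe% (deleted)}" != "$exe" ]; then
        echo exe-deleted         # binary was unlinked after it started
    elif [ "${argv0##*/}" != "${exe##*/}" ]; then
        echo argv0-mismatch      # title rewritten: a lead, not proof
    else
        echo ok
    fi
}

# triage PID [ROOT]: one tab-separated line per process.
triage() {
    printf '%s\t%s\texe=%s\targv=%s\n' \
        "$1" "$(verdict "$1" "$2")" "$(exe_of "$1" "$2")" "$(argv_of "$1" "$2")"
}

# Usage: sh proc_triage.sh 23584 23585 ...   (run as root to read other users' exe links)
for pid in "$@"; do triage "$pid"; done
```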



Post Backuppc processes 
On Mon, 9 Aug 2004 09:59:21 -0500, Carl Wilhelm Soderstrom
<chrome < at > real-time.com> wrote:
> cat /proc/<pid>/cmdline
>
> and it will display the full line that the program was invoked with. looks
> like lines are getting cut off in your ps list above.
>
> so 'cat /proc/23584/cmdline' for instance.
>
> if it does turn out that there is a program running which appears to be
> named '-e'; I'd suspect a system compromise. download and run chkrootkit,
> among other things.
> (http://www.chkrootkit.org/)

It turned out that these were all httpd processes, why they were
running after BackupPC was stopped I don't know.

I see some suspicious activity in the SSH logs coming from Korea. I
think I might have been rooted.

*sigh*

--
Justin Guenther
IT Analyst
CrownAg International Inc.
250 Henderson Drive
Regina, SK, Canada S4N 5P7
Tel: (306) 522-8111
Email: justin.guenther < at > crownag.ca



Post Backuppc processes 
On Mon, 2004-08-09 at 10:42, Justin Guenther wrote:

> It turned out that these were all httpd processes, why they were
> running after BackupPC was stopped I don't know.

The web server isn't very close-coupled to the backuppc process and
apache has its own settings for how many spare processes to start
and how many jobs each should run.

---
Les Mikesell
les < at > futuresource.com



