On Fri, 29 Mar 2002, David Savolainen wrote:
> JOHN HEMMER wrote: > > > > On Thu, 28 Mar 2002, David Savolainen wrote: > > > > > I checked to see if chkrootkit is installed, and it isn't. I just don't > > > see what process could be hung up. Unless I don't know how to fully > > > understand the output of ps. Here is a current ps -ef. Things have not > > > changed much from the ps -aux I attached ealier. > > > > > > thanks! > > > > > > David > > > > > > UID PID PPID C STIME TTY TIME CMD > > <snip> > > > > > David, > > > > I always suspect the process with the highest cpu time. What is > > process PID # 2959, /etc/X11/X on the line above, suppose to be > > doing? 4 minutes and 6 seconds is a lot of processor time. What > > would happen if you kill it? > > > > John > > > > ------------------------------------------------------------------------ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > > John, > The culprit is not X. I performed a reboot and let it sit over night > having run no programs. > The load average was nailed at 1.00 all night. Here are the process from > a fresh reboot, although, it seems some of the command names have been > cut off: > > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > root 1 0.0 0.1 1412 504 ? S Mar28 0:06 init > root 2 0.0 0.0 0 0 ? SW Mar28 0:00 [keventd] > root 3 0.0 0.0 0 0 ? SW Mar28 0:00 [kapmd] > root 4 0.0 0.0 0 0 ? SWN Mar28 0:00 > [ksoftirqd_CPU0] > root 5 0.0 0.0 0 0 ? SW Mar28 0:00 [kswapd] > root 6 0.0 0.0 0 0 ? SW Mar28 0:00 [bdflush] > root 7 0.0 0.0 0 0 ? SW Mar28 0:00 > [kupdated] > root 8 0.0 0.0 0 0 ? SW< Mar28 0:00 > [mdrecoveryd] > root 11 0.0 0.0 0 0 ? SW Mar28 0:00 > [kreiserfsd] > root 65 0.0 0.2 1772 908 ? S Mar28 0:00 devfsd > /dev > root 283 0.0 0.0 0 0 ? SW Mar28 0:00 > [pagebuf_daemon] > root 614 0.0 0.0 0 0 ? SW Mar28 0:00 [khubd] > root 1031 0.0 0.1 1512 596 ? S Mar28 0:01 syslogd > -m 0 > root 1040 0.0 0.2 2012 1108 ? S Mar28 0:00 klogd -2 > daemon 1094 0.0 0.1 1436 496 ? S Mar28 0:00 > /usr/sbin/atd > root 1217 0.0 0.4 4832 1868 ? S Mar28 0:00 cupsd > root 1352 0.0 0.4 4204 1580 ? D Mar28 0:00 > /usr/sbin/amd -F > root 1392 0.0 0.0 0 0 ? SW Mar28 0:00 [rpciod] > rpc 1408 0.0 0.1 1544 532 ? S Mar28 0:00 portmap > root 1483 0.0 0.1 1520 636 ? S Mar28 0:00 > /usr/sbin/automou > root 1499 0.0 0.1 1520 632 ? S Mar28 0:00 > /usr/sbin/automou > root 1610 0.0 0.1 1452 524 ? S Mar28 0:00 gpm -t > imps2 -m / > root 1710 0.0 0.1 1620 664 ? S Mar28 0:00 crond > xfs 1751 0.0 0.9 4968 3556 ? S Mar28 0:00 xfs -port > -1 -dae > root 1976 0.0 0.3 2404 1292 tty1 S Mar28 0:00 login -- > david > root 1977 0.0 0.1 1380 408 tty2 S Mar28 0:00 > /sbin/mingetty tt > root 1978 0.0 0.1 1380 408 tty3 S Mar28 0:00 > /sbin/mingetty tt > root 1979 0.0 0.1 1380 408 tty4 S Mar28 0:00 > /sbin/mingetty tt > root 1980 0.0 0.1 1380 408 tty5 S Mar28 0:00 > /sbin/mingetty tt > root 1981 0.0 0.1 1380 408 tty6 S Mar28 0:00 > /sbin/mingetty tt > david 9257 0.5 0.4 2784 1592 vc/1 S 06:17 0:00 -bash > david 9291 0.0 0.2 2800 856 vc/1 R 06:18 0:00 ps -aux > > Also, as Rob suggested, here is the output from vmstat: > > procs memory swap io > system cpu > r b w swpd free buff cache si so bi bo in cs us > sy id > 2 1 0 884 19892 4324 138676 0 0 41 30 115 32 > 1 0 99 > > I am not exactly sure how to parse the results... > regards, > David David, The last 2 processes 'bash' and 'ps -aux' with times of 6.17 and 6.18, respectively look high. Are you running them in a loop or from cron? I am new to Linux, but not to Unix, but there are a lot of differences, so I am of learning as I go along. According to 'man vmstat' You have: I have: r = 2 processes waiting for run time, why? r = 0 b = 1 process in uninteruptable sleep, I b = 0 don't know what that mean. Maybe some expert on the list knows. I wonder. Does it mean you have a process in a coma? swpd = 884 kB of virtual memory used. swpd = 0 These are the most obvious differences between your system and mine. I don't know if this helps. Good luck! John
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
