On Mon, 17 Mar 2008 09:17, Matt Graham wrote (in part)
> After a long battle with technology, Josef Lowder wrote:
> > This is all very interesting ... and confusing for my simple mind.
> > It sounds like most of the replies to my question pertain to
> > boxes that are used as "servers" and not just "regular users."
> > Or are we all "servers"?
>
> If you're running sshd/apache/smbd/postfix/sendmail/exim/telnetd/
> anything like that, then you are a server.

As far as I know, I am not running any of those things.

> > How can I determine if one of my computers has had something
> > like this done?
>
> "chkrootkit" is a starting point. tripwire is another

I don't have either of those ... and again it sounds like those
have something to do with checking things on a server box.

My system seems to have slowed down quite a bit (even when I don't
have any programs running) and I can't figure out why.

When I run 'top' I can only see the top 50 or so entries on my monitor
and I don't know how to see what else might be there farther down the list.

And when I do 'ps -ef' (see the list below) how can I tell which,
if any, of those processes could be or should be eliminated ...
and how to do that?

-------------------------------------
root         1     1  0 Mar07 ?        00:00:03 init [5]
root         2     1  0 Mar07 ?        00:00:00 [ksoftirqd/0]
root         3     1  0 Mar07 ?        00:00:03 [events/0]
root         4     1  0 Mar07 ?        00:00:00 [khelper]
root         5     1  0 Mar07 ?        00:00:00 [kthread]
root         7     5  0 Mar07 ?        00:00:00 [kacpid]
root        81     5  0 Mar07 ?        00:00:00 [kblockd/0]
root       113     5  0 Mar07 ?        00:00:00 [pdflush]
root       114     5  0 Mar07 ?        00:00:01 [pdflush]
root       116     5  0 Mar07 ?        00:00:00 [aio/0]
root       115     1  0 Mar07 ?        00:00:09 [kswapd0]
root       704     1  0 Mar07 ?        00:00:00 [kseriod]
root       796     1  0 Mar07 ?        00:00:02 [kjournald]
root       938     1  0 Mar07 ?        00:00:00 udevd -d
root      1192     1  0 Mar07 ?        00:00:00 [khubd]
root      1577     1  0 Mar07 ?        00:00:12 [kjournald]
root      1583     1  0 Mar07 ?        00:00:00 [kjournald]
root      2359     1  0 Mar07 ?        00:00:40 /sbin/ifplugd -b -i eth0
rpc       2442     1  0 Mar07 ?        00:00:00 portmap
root      2466     1  0 Mar07 ?        00:00:00 syslogd -m 0
root      2483     1  0 Mar07 ?        00:00:00 klogd -2
root      2515     1  0 Mar07 ?        00:00:00 /usr/sbin/acpid
root      2551     1  0 Mar07 ?        00:00:00 rpc.statd
root      2635     1  0 Mar07 ?        00:00:03 cupsd
root      2780     1  0 Mar07 ?        00:00:00 [kgameportd]
root      2814     1  0 Mar07 ?        00:00:00 dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases -pf /var/run/dhc
xfs       3003     1  0 Mar07 ?        00:00:00 xfs -port -1 -daemon -droppriv -user xfs
71        3018     1  0 Mar07 ?        00:00:00 dbus-daemon-1 --system
root      3033     1  0 Mar07 ?        00:05:21 hald
root      3180     1  0 Mar07 ?        00:00:00 /usr/bin/kdm -nodaemon
root      3189  3180 69 Mar07 tty7   7-01:53:38 /etc/X11/X -deferglyphs 16 :0 -auth /var/run/xauth/A:0-K9voZd
root      3190     1  0 Mar07 ?        00:01:00 nifd -n
nobody    3252     1  0 Mar07 ?        00:00:00 mDNSResponder
daemon    3268     1  0 Mar07 ?        00:00:00 /usr/sbin/atd
root      3322     1  0 Mar07 ?        00:00:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
root      3699     1  0 Mar07 ?        00:00:00 /opt/win4lin/bin/vnetd
clamav    3775     1  0 Mar07 ?        00:00:08 /usr/bin/freshclam --config-file=/etc/freshclam.conf --quiet --daemon
root      3791     1  0 Mar07 ?        00:00:00 crond
root      3861     1  0 Mar07 ?        00:00:00 /usr/bin/lisa -c /etc/lisarc
root      3900     1  0 Mar07 tty1     00:00:00 /sbin/mingetty tty1
root      3901     1  0 Mar07 tty2     00:00:00 /sbin/mingetty tty2
root      3902     1  0 Mar07 tty3     00:00:00 /sbin/mingetty tty3
root      3903     1  0 Mar07 ?        00:00:00 login -- root
root      3904     1  0 Mar07 tty5     00:00:00 /sbin/mingetty tty5
root      3905     1  0 Mar07 tty6     00:00:00 /sbin/mingetty tty6
joe       4071     1  0 Mar07 ?        00:01:37 /usr/lib/gam_server
root      7763  3903  0 Mar10 tty4     00:00:00 -bash
joe      21126     1  0 Mar15 ?        00:00:00 /usr/lib/gconfd-2 13
root     17244  3180  0 12:24 ?        00:00:00 -:0
joe      17264 17244  0 12:24 ?        00:00:00 /bin/sh /usr/bin/startkde
joe      17325 17264  0 12:24 ?        00:00:00 /usr/bin/perl /usr/bin/mdkapplet
joe      17336 17264  0 12:24 ?        00:00:00 /usr/bin/perl /usr/bin/net_applet
joe      17349     1  0 12:24 ?        00:00:00 s2u --daemon=yes
joe      17370 17264  0 12:24 ?        00:00:00 /bin/sh /usr/bin/startkde
joe      17371 17370  0 12:24 ?        00:00:00 gnome-volume-manager
joe      17390     1  0 12:24 ?        00:00:00 kdeinit Running...
joe      17393     1  0 12:24 ?        00:00:00 dcopserver [kdeinit] --nosid
joe      17395 17390  0 12:24 ?        00:00:00 klauncher [kdeinit]
joe      17398     1  0 12:24 ?        00:00:00 kded [kdeinit]
joe      17410 17390  0 12:24 ?        00:00:00 /usr/bin/artsd -F 10 -S 4096 -s 60 -m artsmessage -c drkonqi -l 3 -f
joe      17412     1  0 12:24 ?        00:00:00 kaccess [kdeinit]
joe      17413 17264  0 12:24 ?        00:00:00 kwrapper ksmserver
joe      17415     1  0 12:24 ?        00:00:00 ksmserver [kdeinit]
joe      17417 17390  0 12:24 ?        00:00:00 kwin [kdeinit] -session 1014cd7d2d4000120328531400000141940000_1205781
joe      17419     1  0 12:24 ?        00:00:00 kdesktop [kdeinit]
joe      17422     1  0 12:24 ?        00:00:02 kicker [kdeinit]
joe      17424 17390  0 12:24 ?        00:00:00 xsettings-kde
joe      17426     1  0 12:24 ?        00:00:00 korgac --miniicon korganizer
joe      17427     1  0 12:24 ?        00:00:00 krandrtray -session 1014cd7d2d4000115565379600000042880006_1205781767_
joe      17429     1  0 12:24 ?        00:00:00 knotify [kdeinit]
joe      17554 17390  0 12:29 ?        00:00:00 kio_file [kdeinit] file /home/joe/tmp/ksocket-joe/klauncherFALPab.slav
joe      17556     1  0 12:29 ?        00:00:00 kio_uiserver [kdeinit]
joe      17864 17390  1 12:33 ?        00:00:00 konsole [kdeinit]
joe      17865 17864  0 12:34 pts/1    00:00:00 /bin/bash
joe      17910 17865  0 12:34 pts/1    00:00:00 ps -ef

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
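
The rule of thumb quoted in the message above ("if you're running sshd/apache/smbd/... then you are a server"), applied to `ps -ef` output. This is an added example, not part of the original post; the function names and the sshd sample row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sort `ps -ef` rows by the rule of thumb quoted in the thread.
# Daemon names are exactly those Matt Graham lists; extend for your system
# (Apache, for instance, usually runs as httpd or apache2).
SERVER_DAEMONS='sshd apache smbd postfix sendmail exim telnetd'

# Reads `ps -ef` rows (header removed) on stdin.
# Prints one line per process: "<class> <pid> <command>".
classify_ps() {
    awk -v daemons="$SERVER_DAEMONS" '
    BEGIN { n = split(daemons, d, " ") }
    NF >= 8 {
        # Columns: UID PID PPID C STIME TTY TIME CMD [args...]
        cmd = $8
        # Kernel threads are shown in square brackets; they are not daemons.
        if (cmd ~ /^\[.*\]$/) { print "kernel", $2, cmd; next }
        base = cmd
        sub(/^.*\//, "", base)   # drop the directory part
        sub(/^-/, "", base)      # login shells appear as "-bash"
        cls = "other"
        for (i = 1; i <= n; i++) if (base == d[i]) cls = "server"
        print cls, $2, base
    }'
}

# Four rows copied from the listing in the post, plus one constructed sshd
# row (PID 4242 is made up) so that the "server" class has a match.
sample_rows() {
    cat <<'EOF'
root         2     1  0 Mar07 ?        00:00:00 [ksoftirqd/0]
root      2635     1  0 Mar07 ?        00:00:03 cupsd
root      3322     1  0 Mar07 ?        00:00:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
joe      17865 17864  0 12:34 pts/1    00:00:00 /bin/bash
root      4242     1  0 Mar07 ?        00:00:00 /usr/sbin/sshd
EOF
}

sample_rows | classify_ps
```

Matching on names only covers the daemons named in the thread. To see what is actually accepting connections, compare against the listening sockets, for example `netstat -tulpn` run as root.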