[Cialug] Suspicious Server

Jonathan C. Bailey jbailey at co.marshall.ia.us
Thu Oct 11 09:46:39 CDT 2007

I'm guessing the SSH session as ctrl-c didn't do anything. I didn't run uptime before I rebooted it, but the system was otherwise responsive. I looked in the logs and didn't see anything that wasn't normal... Maybe it was just an oddity...

Jonathan Bailey
Webmaster, Marshall County, Iowa
E: jbailey at co.marshall.ia.us
A: 1 E Main St, Marshalltown, IA 50158
P: 641-844-2804
C: 515-988-1021

----- Original Message -----
From: "John Lengeling" <John.Lengeling at radisys.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Thursday, October 11, 2007 9:41:34 AM (GMT-0600) America/Chicago
Subject: RE: [Cialug] Suspicious Server

Did the ssh session hang or was it just the commands that were hung?
IE: could you interrupt the command (ps/w/kill/chkrootkit) with a ^C?

Sounds like some sort of resource starvation.

Look in /var/log/messages for clues (and other files in /var/log).  If
you hadn't rebooted the system,  "uptime" would be good to run to see
the load average.

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On
Behalf Of Jonathan C. Bailey
Sent: Thursday, October 11, 2007 9:23 AM
To: Central Iowa Linux Users Group
Subject: [Cialug] Suspicious Server

I've got a server that was acting a bit suspicious... I could SSH to it
and navigate through files (ls/cd/cat/tail) without any issue, but if I
tried to run a utility like ps/w/kill/chkrootkit, the SSH session would
just hang. I rebooted the box and all seems to be fine and chkrootkit
doesn't show anything out of place. The other utilities work as normal.
This machine only has port 22 open to the world and only allows public
key auth to it. Any thoughts on if this is truly suspicious, or is there
something else that could cause these commands to just hang?


Cialug mailing list
Cialug at cialug.org
Cialug mailing list
Cialug at cialug.org

More information about the Cialug mailing list