/tmp/swap is causing my CPU busy
Warren Block
wblock at wonkity.com
Mon Jan 9 17:04:26 UTC 2017
On Tue, 10 Jan 2017, Bill Yuan wrote:
> Hi,
> Need support here. I just noticed my machine is busy and a process is the
> root cause, I am not familiar with the memory/SWAP, Can someone please help
> to take a look? any info is required? please let me know.
>
> #top
> 52 processes: 1 running, 50 sleeping, 1 zombie
> CPU: 3.5% user, 0.0% nice, 0.6% system, 0.0% interrupt, 95.9% idle
> Mem: 53M Active, 997M Inact, 133M Wired, 44M Buf, 791M Free
> Swap: 2100M Total, 2100M Free
>
> PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU
> COMMAND
> 25592 root 10 25 0 778M 9272K uwait 3 0:38 19.02%
> .swap
> 25599 root 1 20 0 7416K 2596K CPU0 0 0:00 0.11% top
>
> #ps -axd | grep swap
> 25481 0 S+ 0:00.00 | | `-- grep swap
> 22927 - Ss 172:10.74 |-- /tmp/.swap
>
> #uname -a
> FreeBSD NetGate1 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu
> Sep 29 03:40:55 UTC 2016
> root at releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
> i386
That does not look good to me. A hidden file named ".swap" that is
*running*, and as root? I would immediately disconnect that machine
from the net and then check to see if that's a compromise, because it
sure looks fishy.
More information about the freebsd-questions
mailing list