Too many processes?
What are they? Please help!
gutabo




msg:910504
 11:47 pm on Nov 7, 2003 (gmt 0)

Hi, I'm a Unix n00b, and after typing ps -aux, I found this:
(changed some user names)

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 93352 0.0 0.0 432 252 p2 R+ 11:32PM 0:00.00 ps -aux
root 1517 0.0 0.0 932 564? Ss Wed07AM 0:03.50 /usr/sbin/syslogd -ss
root 1911 0.0 0.0 1072 672? Is Wed07AM 0:03.03 /usr/sbin/inetd -wW
root 2007 0.0 0.0 980 676? Ss Wed07AM 0:00.67 /usr/sbin/cron
root 2119 0.0 0.1 2332 1320? Is Wed07AM 0:02.72 /usr/sbin/sshd
root 2314 0.0 0.1 3636 1992? Ss Wed07AM 0:09.07 sendmail: accepting connections (sendmail)
smmsp 2419 0.0 0.1 2808 1748? Is Wed07AM 0:00.14 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
root 4599 0.0 0.0 644 256? I Wed07AM 0:00.01 /bin/sh /usr/local/bin/safe_mysqld --user=mysql --datadir=/var/db/mysql --pid-fi
root 4606 0.0 0.0 1568 724? Is Wed07AM 0:02.15 /usr/local/sbin/saslauthd -a pam -n 1
mysql 4677 0.0 0.2 27364 4200? S Wed07AM 0:01.56 /usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/db/mysql --user=my
root 12680 0.0 0.2 6428 4644? Is Wed06PM 0:00.00 /usr/local/bin/python2.1 /usr/local/apache/Zope/z2.py -u root -t 2
root 12681 0.0 1.1 26216 24032? S Wed06PM 0:15.28 /usr/local/bin/python2.1 /usr/local/apache/Zope/z2.py -u root -t 2
root 89193 0.0 0.1 2812 1972? I 2:18PM 0:00.21 sshd: root@notty (sshd)
root 89234 0.0 0.0 1104 696? Is 2:18PM 0:00.01 csh -c /usr/libexec/sftp-server
root 89235 0.0 0.1 2164 1288? I 2:18PM 0:00.28 /usr/libexec/sftp-server
root 33102 0.0 0.1 2472 1664? S 6:08PM 0:01.31 sshd: root@ttyp2 (sshd)
root 33432 0.0 0.0 1352 880 p2 Ss 6:10PM 0:00.04 -csh (csh)
root 81073 0.0 0.6 15100 13488? Ss 10:18PM 0:03.09 proftpd: root - 200.106.87.39: IDLE (proftpd)
root 84542 0.0 0.1 3740 2252? I 10:39PM 0:00.01 sendmail: server c-24-3-155-61.client.comcast.net [24.3.155.61] cmd read (sendmail)
root 85285 0.0 0.3 16416 7120? Ss 10:43PM 0:00.97 /usr/local/apache/bin/httpsd
www 85287 0.0 0.3 16544 7272? S 10:43PM 0:01.39 /usr/local/apache/bin/httpsd
www 85288 0.0 0.3 16580 7312? S 10:43PM 0:01.43 /usr/local/apache/bin/httpsd
www 85289 0.0 0.4 16576 7460? S 10:43PM 0:01.42 /usr/local/apache/bin/httpsd
www 85290 0.0 0.3 16556 7268? S 10:43PM 0:01.48 /usr/local/apache/bin/httpsd
www 85291 0.0 0.3 16576 7300? S 10:43PM 0:01.41 /usr/local/apache/bin/httpsd
www 85292 0.0 0.3 16560 7288? S 10:43PM 0:01.38 /usr/local/apache/bin/httpsd
www 85294 0.0 0.4 16704 7640? S 10:43PM 0:01.42 /usr/local/apache/bin/httpsd
www 85295 0.0 0.4 18928 8028? S 10:43PM 0:01.12 /usr/local/apache/bin/httpsd
www 85298 0.0 0.3 16572 7304? S 10:44PM 0:01.44 /usr/local/apache/bin/httpsd
www 85299 0.0 0.3 16572 7304? S 10:44PM 0:01.31 /usr/local/apache/bin/httpsd
www 92499 0.0 0.3 16532 7236? S 11:27PM 0:00.16 /usr/local/apache/bin/httpsd
root 93283 0.0 0.1 3740 2272? S 11:32PM 0:00.02 sendmail: server [200.106.87.39] cmd read (sendmail)
root 93344 0.0 0.1 3920 2404? S 11:32PM 0:00.02 sendmail: ./hA7NWQKj093283 smtp-pandora.telenet-ops.be.: client MAIL (sendmail)
root 1 0.0 0.0 536 204? Is Wed07AM 0:00.05 /sbin/init --

Which one of these are the good guys? Are there any bad guys?

BTW, we had some spam issues because someone was using an Open Proxy... but we DO NOT SPAM. Ever.

Please help!
(thanks in advance)

 

bakedjake




msg:910505
 7:29 pm on Nov 10, 2003 (gmt 0)

Which one of these are the good guys? Are there any bad guys?

I see:

syslog - logging daemon
saslauthd - postfix's secure smtp authenticator
inetd - tcp network services superserver
cron - scheduler
sshd - secure shell
sendmail - MTA
mysql - db
zope - application server
sftp - ssh's secure ftp daemon
apache - web server

Do you know what those all do? If so, then you're alright. If not, I'd consider shutting down what you don't need.

If you're not familiar with UNIX, I certainly wouldn't have picked some of the software choices you're running. For example, I wouldn't run syslog, I wouldn't run inetd, and I wouldn't run sendmail. There are much better alternatives to those three programs.

But I don't run init either. ;-)
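
A sketch of the inventory step suggested in the reply above, as an added example that is not part of the original thread: it parses `ps -aux` output in the 11-column layout of the question's listing, counts processes per user and program, and lists programs missing from a reviewed baseline. The sample listing is constructed, and the baseline set and function names are assumptions to adapt.

```python
import os
import re
from collections import Counter

# Reviewed baseline: programs the administrator has identified (assumed list,
# seeded from the daemons named in the reply above).
KNOWN = {"syslogd", "saslauthd", "inetd", "cron", "sshd", "sendmail",
         "mysqld", "sftp-server", "httpsd"}

# Constructed sample in the 11-column layout of the question's listing.
SAMPLE = """\
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1517 0.0 0.0 932 564 ?? Ss Wed07AM 0:03.50 /usr/sbin/syslogd -ss
root 2314 0.0 0.1 3636 1992 ?? Ss Wed07AM 0:09.07 sendmail: accepting connections (sendmail)
mysql 4677 0.0 0.2 27364 4200 ?? S Wed07AM 0:01.56 /usr/local/libexec/mysqld --basedir=/usr/local
root 12681 0.0 1.1 26216 24032 ?? S Wed06PM 0:15.28 /usr/local/bin/python2.1 /usr/local/apache/Zope/z2.py -u root -t 2
root 89193 0.0 0.1 2812 1972 ?? I 2:18PM 0:00.21 sshd: root@notty (sshd)
www 85287 0.0 0.3 16544 7272 ?? S 10:43PM 0:01.39 /usr/local/apache/bin/httpsd
www 85288 0.0 0.3 16580 7312 ?? S 10:43PM 0:01.43 /usr/local/apache/bin/httpsd
"""

# Daemons that rewrite their title show it as "title text (program)".
TITLE = re.compile(r"\(([^()]+)\)\s*$")

def program_name(command):
    """Program name for a ps COMMAND field: the '(name)' suffix if present,
    otherwise the basename of argv[0] (a leading '-' marks a login shell)."""
    match = TITLE.search(command)
    if match:
        return match.group(1)
    return os.path.basename(command.split()[0].lstrip("-"))

def inventory(ps_text):
    """Count processes per (user, program); skip the header and short lines."""
    counts = Counter()
    for line in ps_text.splitlines()[1:]:
        fields = line.split(None, 10)  # COMMAND keeps its internal spaces
        if len(fields) == 11:
            counts[(fields[0], program_name(fields[10]))] += 1
    return counts

def unreviewed(counts, known=KNOWN):
    """(user, program) pairs whose program is not in the reviewed baseline."""
    return sorted(key for key in counts if key[1] not in known)

if __name__ == "__main__":
    counts = inventory(SAMPLE)
    for (user, prog), n in sorted(counts.items()):
        print(f"{n:3d} {user:6s} {prog}")
    print("review:", unreviewed(counts))
```

An interpreter such as python2.1 lands in the review list by design, because the program name alone does not say which script it is running or as which user.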

drbrain




msg:910506
 5:57 pm on Nov 12, 2003 (gmt 0)

/usr/sbin/syslogd -ss

If you read the syslogd(8) man page, you'll realize that syslogd is only opening the local socket, so logging from or to remote machines is denied. You'll be losing important logs without running syslogd.

I find it very odd that you don't run init(8), how does your system even boot?

Maybe you mean inetd(8).

bakedjake




msg:910507
 6:20 pm on Nov 12, 2003 (gmt 0)

drbrain - I meant that there are better alternatives (IMHO) to those pieces of software.

No, I don't run init. I use djb's svscan as process 1. init is bloated and not needed for a modern UNIX system. I don't use runlevels; no need for a server whose function is not a general purpose multi-user machine.

I don't run syslog because of the security problems in the past. I use socklog instead. It's smaller, and more secure.

My post was hardly meant to start a religious war, I just suggested that gutabo know what each of those processes does before leaving them enabled. :) For example, everyone should know what init does, and where its shortcomings are. The knowledge is critical to running a safe, reliable, and fast UNIX box.
