in meinem frisch installierten Debian Lenny tummelt sich ein nicht wissentlich installierter ngnix Prozess, den man aber nur bei genauerm hinsehen findet:
Ein normales ps aux findet den Prozess nicht:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.1 2096 684 ? Ss 19:22 0:01 init [2]
root 2 0.0 0.0 0 0 ? S< 19:22 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S< 19:22 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S< 19:22 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 19:22 0:00 [watchdog/0]
root 6 0.0 0.0 0 0 ? S< 19:22 0:00 [events/0]
root 7 0.0 0.0 0 0 ? S< 19:22 0:00 [khelper]
root 39 0.0 0.0 0 0 ? S< 19:22 0:00 [kblockd/0]
root 41 0.0 0.0 0 0 ? S< 19:22 0:00 [kacpid]
root 42 0.0 0.0 0 0 ? S< 19:22 0:00 [kacpi_notify]
root 106 0.0 0.0 0 0 ? S< 19:22 0:00 [kseriod]
root 143 0.0 0.0 0 0 ? S 19:22 0:00 [pdflush]
root 144 0.0 0.0 0 0 ? S 19:22 0:00 [pdflush]
root 145 0.0 0.0 0 0 ? S< 19:22 0:00 [kswapd0]
root 146 0.0 0.0 0 0 ? S< 19:22 0:00 [aio/0]
root 600 0.0 0.0 0 0 ? S< 19:22 0:00 [ksuspend_usbd]
root 601 0.0 0.0 0 0 ? S< 19:22 0:00 [khubd]
root 674 0.0 0.0 0 0 ? S< 19:22 0:00 [ata/0]
root 675 0.0 0.0 0 0 ? S< 19:22 0:00 [ata_aux]
root 817 0.0 0.0 0 0 ? S< 19:22 0:00 [kstriped]
root 821 0.0 0.0 0 0 ? S< 19:22 0:00 [ksnapd]
root 921 0.0 0.1 2288 808 ? S<s 19:22 0:00 udevd --daemon
root 1255 0.0 0.0 0 0 ? S< 19:22 0:00 [kgameportd]
root 1393 0.0 0.0 0 0 ? S< 19:22 0:00 [kpsmoused]
root 1702 0.0 0.0 0 0 ? S< 19:22 0:00 [kdmflush]
root 1803 0.0 0.1 2996 892 ? Ss 19:22 0:00 /usr/sbin/pppd call dsl-provider
daemon 1819 0.0 0.0 1888 504 ? Ss 19:22 0:00 /sbin/portmap
statd 1838 0.0 0.1 1952 716 ? Ss 19:22 0:00 /sbin/rpc.statd
root 2093 0.0 0.2 27404 1428 ? Sl 19:22 0:00 /usr/sbin/rsyslogd -c3
root 2112 0.0 0.1 1764 648 ? Ss 19:22 0:00 /usr/sbin/acpid
103 2122 0.0 0.2 2752 1092 ? Ss 19:22 0:00 /usr/bin/dbus-daemon --system
root 2146 0.0 0.4 6340 2180 ? Ss 19:22 0:00 /usr/sbin/cupsd
101 2413 0.0 0.1 6272 920 ? Ss 19:22 0:00 /usr/sbin/exim4 -bd -q30m
105 2434 0.0 0.6 5376 3272 ? Ss 19:22 0:00 /usr/sbin/hald
root 2435 0.0 0.2 3320 1080 ? S 19:22 0:00 hald-runner
root 2453 0.0 0.1 3384 1032 ? S 19:22 0:00 hald-addon-input: Listening on /dev/input/event2 /dev/input/event1 /dev/input/
105 2461 0.0 0.1 2268 872 ? S 19:22 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
root 2462 0.0 0.1 3384 1024 ? S 19:22 0:00 hald-addon-storage: no polling on /dev/fd0 because it is explicitly disabled
root 2469 0.0 0.2 3384 1036 ? S 19:23 0:00 hald-addon-storage: polling /dev/hdc (every 2 sec)
root 2485 0.0 0.3 14260 1664 ? Ss 19:23 0:00 /usr/sbin/gdm
root 2492 0.0 0.6 14692 3196 ? S 19:23 0:00 /usr/sbin/gdm
root 2495 0.0 0.1 3852 1020 ? Ss 19:23 0:00 /usr/bin/system-tools-backends
root 2501 0.3 3.1 22732 16496 tty7 Ss+ 19:23 0:03 /usr/X11R6/bin/X :0 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
daemon 2516 0.0 0.0 2044 436 ? Ss 19:23 0:00 /usr/sbin/atd
root 2538 0.0 0.1 3452 988 ? Ss 19:23 0:00 /usr/sbin/cron
root 2557 0.0 0.0 1764 500 tty1 Ss+ 19:23 0:00 /sbin/getty 38400 tty1
root 2558 0.0 0.0 1764 508 tty2 Ss+ 19:23 0:00 /sbin/getty 38400 tty2
root 2559 0.0 0.0 1764 500 tty3 Ss+ 19:23 0:00 /sbin/getty 38400 tty3
root 2560 0.0 0.0 1764 508 tty4 Ss+ 19:23 0:00 /sbin/getty 38400 tty4
root 2561 0.0 0.0 1764 504 tty5 Ss+ 19:23 0:00 /sbin/getty 38400 tty5
root 2562 0.0 0.0 1764 508 tty6 Ss+ 19:23 0:00 /sbin/getty 38400 tty6
xxx 2585 0.0 1.3 28296 7044 ? Ssl 19:26 0:00 x-session-manager
xxx 2631 0.0 0.1 4752 564 ? Ss 19:26 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/seahorse-
xxx 2634 0.0 0.1 3096 708 ? S 19:26 0:00 /usr/bin/dbus-launch --exit-with-session /usr/bin/seahorse-agent --execute x-s
xxx 2635 0.0 0.1 2620 940 ? Ss 19:26 0:00 /usr/bin/dbus-daemon --fork --print-pid 6 --print-address 9 --session
xxx 2637 0.0 0.7 7084 3960 ? S 19:26 0:00 /usr/lib/libgconf2-4/gconfd-2 13
xxx 2643 0.0 1.4 24032 7612 ? Ss 19:26 0:00 /usr/bin/seahorse-agent --execute x-session-manager
xxx 2646 0.0 0.4 14660 2068 ? S 19:26 0:00 /usr/bin/gnome-keyring-daemon
xxx 2648 0.0 1.8 40428 9636 ? Sl 19:26 0:00 gnome-settings-daemon
xxx 2666 0.0 1.8 18536 9700 ? S 19:27 0:00 /usr/bin/metacity --sm-client-id=default0
xxx 2667 0.0 0.5 15616 2644 ? Ss 19:27 0:00 gnome-screensaver
xxx 2669 0.2 3.4 34568 18044 ? S 19:27 0:01 gnome-panel --sm-client-id default1
xxx 2671 1.2 3.8 71020 19816 ? S 19:27 0:07 nautilus --no-default-window --sm-client-id default2
xxx 2677 0.0 0.6 40384 3132 ? Ssl 19:27 0:00 /usr/lib/bonobo-activation/bonobo-activation-server --ac-activate --ior-output
xxx 2680 0.0 0.7 10228 3916 ? S 19:27 0:00 /usr/lib/gnome-vfs-2.0/gnome-vfs-daemon
xxx 2691 0.0 0.9 20064 5016 ? Ss 19:27 0:00 /usr/lib/gnome-volume-manager/gnome-volume-manager --sm-disable
xxx 2692 0.0 1.3 22684 7220 ? Ss 19:27 0:00 gnome-power-manager
xxx 2709 0.0 0.1 2876 924 ? S 19:27 0:00 /usr/lib/nautilus-cd-burner/mapping-daemon
xxx 2712 0.0 2.6 35400 13896 ? Sl 19:27 0:00 /usr/lib/gnome-applets/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerAppl
xxx 2803 2.8 2.7 37968 14336 ? Sl 19:36 0:01 gnome-terminal
xxx 2805 0.0 0.1 2876 728 ? S 19:36 0:00 gnome-pty-helper
xxx 2806 0.4 0.6 5796 3100 pts/0 Ss 19:36 0:00 bash
root 2818 0.2 0.2 3808 1168 pts/0 S 19:36 0:00 su
root 2820 0.0 0.3 4192 1620 pts/0 R 19:36 0:00 bash
root 2822 0.0 0.1 3716 1024 pts/0 R+ 19:37 0:00 ps aux
wohl aber ein:
ps aux | grep nginx
root 2858 0.0 0.1 3140 768 pts/0 S+ 19:44 0:00 grep nginx
ps aux | grep nginx
root 2860 0.0 0.1 3140 768 pts/0 S+ 19:44 0:00 grep nginx
ps aux | grep nginx
root 2862 0.0 0.1 3140 768 pts/0 S+ 19:44 0:00 grep nginx
und der Lümmel wechselt auch noch die PID
ich bin durch Zufall wegen der Meldung mit dem Botnetz drauf gestoßen.
dpkg -L ngnix
Paket »ngnix« ist nicht installiert.
Kann mir einer sagen wieso das so ist wie es ist?
Danke
