Am 28.03.2014 um 15:30 schrieb Matt Garman <matthew.garman@xxxxxxxxx>:
> On Fri, Mar 28, 2014 at 9:01 AM, Mr Queue <lists@xxxxxxxxxxx> wrote:
>
>> On Thu, 27 Mar 2014 17:20:22 -0500
>> Matt Garman <matthew.garman@xxxxxxxxx> wrote:
>>
>>> Anyone seen anything like this? Any thoughts or ideas?
>>
>> Post some data.. This public facing? Are you getting sprayed down by
>> packets? Array? Soft/hard? Someone have screens
>> laying around? Write a trap to catch a process list when the loads spike?
>> Look at crontab(s)? User accounts? Malicious
>> shells? Any guest containers around? Possibilities are sort of endless
>> here.
>>
>
>
> Not public facing (no Internet access at all). Linux software RAID-1. No
> screen or tmux data. No guest access of any kind. In fact, only three
> logged in users.
>
> I've reviewed crontabs (there are only a couple), and I don't see anything
> out of the ordinary. Malicious shells or programs: possibly, but I think
> that is highly unlikely... if someone were going to do something malicious,
> *this* particular server is not the one to target.
- update the os (current is far from 5.7)
- partition alignment?
- "heuristic/try and error"-approach: disable all crontabs and check the behavior - any load?
--
LF
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
