the issue occurs even on a live cd so the machine's software load isn't
suspect. It's the nics.
Lorenzo Martínez Rodríguez wrote:
William Warren escribió:
post it on the centos bug tracker to start..:)
listmail wrote:
On Sat, 19 Jul 2008 21:56:45 -0700, John R Pierce wrote
Stephen John Smoogen wrote:
On Sat, Jul 19, 2008 at 2:48 PM, listmail <listmail@xxxxxxxxxxxxx>
wrote:
I am running CentOS 5 on a dual-dual-core Intel machine, and I am
seeing
a load average of between 0.35 and 0.50 while the machine is idle,
i.e.
no processes appear to be running.
Download the livecd and boot using it. See if the load average still
occurs. Check to see if you have any traffic occuring on the network
from the system. [I had a box that was kernel trojaned that had a load
average all the time when it was on the wire and did not when it
didn't. The kernel trojan was looking for a particular bit of traffic
that would open up its backdoor to.]
its been ages since i've had to do this, but in years past, rkhunter
was really good at finding rootkits like this. worst case, you put
it on alive CD and run it from there.
OK, I downloaded the CentOS 5.2 Live CD and booted from it. To eliminate
load from the GUI, I forced the system into runlevel 3 and ran top.
I see the same problem; the load average sits at about 0.40
continuously.
This is with the ethernet drivers running, and it does not matter if the
network cables are plugged in or not.
In my mind, that pretty much eliminates the possibility of a rootkit,
unless
one was delivered with the Live CD. :-) So it looks like this is a bug
in either the Intel GLAN driver, or some other kernel timing issue.
If anyone
can suggest where this bug should be reported and is likely to be
addressed,
please let me know. I don't know myself who would be the correct
party to
notify.
Thanks to everyone who responded and helped me track this one down.
I'm not
sure if should roll back to CentOS 5.0, or just try to live with this
bug
until the maintainers address it, but at least I have some idea of
what's
wrong.
Thanks,
--Bill
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Hello,
to try to find out if you have hidden processes I suggest you to try
this: http://www.security-projects.com/?Unhide
I have cronned it every night in my server.
It works really good. rkhunter is very good tool too.
Try both and let us know.
Another issue: What is the proposal of the machine? is it a web server?
mail server? dns server? Check that /etc/resolv.conf has the right
information and check the routes to get access to different nerworks
too. If machine processor is idle, but the machine load is high, it
could be because the processes queue is very big, but the machine
processors could not be so overloaded.
Regards,
--
Registered Microsoft Partner
My "Foundation" verse:
Isa 54:17
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
