RE: invisible process

I don't know how likely this explanation is, given the exposure this box has
seen, but the KIS (Kernel Intrusion System) that was released by Optyx a
few Defcons ago can mask processes from the kernel.

http://www.linux.cu/pipermail/linux-l/2001-July/026017.html

HTH,
Gavin.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Thierry ITTY
Sent: Monday, May 16, 2005 3:21 PM
To: General Red Hat Linux discussion list
Subject: invisible process

I'm working on an internet gateway for my home based on RH9.
I want it to be "small" (P200/64MB) and "silent" (spin down disks and so on).
So I recompiled the kernel (2.4.20-x) with any unuseful thing disabled (i.e.
no audio, no video, no usb, and so on), even no module support (2 nics and
ext2/3 compiled in).

It works fine, I just noticed a very strange thing: some processes became
invisible!

I mean, sshd, named, for example, are not listed in "top" or "ps ax"
though they exist.
"netstat -nap" shows ports listening, but with no associated processes
(sshd, named...)
"ls -al /proc" shows only a very few processes (which I can see in "top" or
"ps ax")

But, still stranger, "/var/run/sshd.pid" contains a pid number, which is
_not_ listed in /proc, but a "cd /proc/<sshd.pid>" works (and then "pwd"
and so on) and the directory is a valid /proc process sub-dir, with correct
exe link, for example.

When I connect to this gateway through sshd, the forked sshd process
becomes visible.

The same is true for named (except for the last remark).

When I need to shut it down, I get messages that the filesystems are still
busy. I think the "sending kill to all processes" can't find the invisible
ones, and they go on running, keeping the filesystems busy.

If I use a standard, or not-that-much-optimized custom kernel, I have no
invisible processes

I really wonder where this can come from, though it doesn't prevent my
gateway from working fine...

Any clue, somebody?

Thierry

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
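
The symptom described in this thread (a PID that `cd /proc/<pid>` reaches but that `ls /proc`, `ps` and `top` never show) can be checked for directly by probing each PID by name and comparing the result with the directory listing. The script below is an added example, not part of either message; its function names, the `/var/run/*.pid` glob and the 32768 PID ceiling are assumptions.

```python
"""Report PIDs that resolve under /proc but are missing from its listing."""
import glob
import os

PROC = "/proc"

def listed_pids():
    """PIDs returned by readdir() on /proc, which is what ps and top walk."""
    return {int(n) for n in os.listdir(PROC) if n.isdigit()}

def tgid_of(pid):
    """Thread-group id from /proc/<pid>/status; None if the pid does not resolve."""
    try:
        with open(f"{PROC}/{pid}/status") as f:
            for line in f:
                if line.lower().startswith("tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        return None
    return pid  # assumption: no Tgid line means an old kernel; treat as leader

def pidfile_pids(pattern="/var/run/*.pid"):
    """Map pid -> pid file for daemons that record one (e.g. sshd.pid)."""
    out = {}
    for path in glob.glob(pattern):
        try:
            with open(path) as f:
                out[int(f.read().split()[0])] = path
        except (OSError, ValueError, IndexError):
            continue
    return out

def find_unlisted(candidates, lister=listed_pids, resolver=tgid_of):
    """Candidates that resolve by name yet are absent from two listings.

    Listing before and after the probe drops processes that start mid-scan.
    Non-leader thread ids are skipped: current kernels resolve /proc/<tid>
    without listing it, and that is normal behaviour.
    """
    before = lister()
    found = [p for p in candidates if p not in before and resolver(p) == p]
    after = lister()
    return sorted(p for p in found if p not in after)

if __name__ == "__main__":
    named = pidfile_pids()
    for pid in find_unlisted(range(1, 32769)):  # assumption: default pid_max
        exe = os.path.realpath(f"{PROC}/{pid}/exe")
        print(f"unlisted pid {pid} exe={exe} pidfile={named.get(pid, '-')}")
```

Run it as root so every `/proc/<pid>/status` is readable, and raise the range if `/proc/sys/kernel/pid_max` is larger on the host being checked.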
