[gentoo-user] Excessive processor usage

[gentoo-user] Excessive processor usage

[sean]

There seems to be a lot of excessive processor usage and I am trying to 
track down why.

Is anyone able to recommend the best way to track down what is causing 
the excess processor usage?

I have not noticed anything using top.

					Thanks
					Sean

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Xav']

[-- Attachment #1: Type: text/plain, Size: 510 bytes --]

sean a écrit :
> There seems to be a lot of excessive processor usage and I am trying to
> track down why.
> 
> Is anyone able to recommend the best way to track down what is causing
> the excess processor usage?
> 
> I have not noticed anything using top.
So how do you know there is an excessive processor usage ? Could you describe
more precisely what you want to mean ?
> 
>                     Thanks
>                     Sean
> 

Regards,
Xavier Parizet

--
http://www.linuxant.fr


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: [gentoo-user] Excessive processor usage

[Abraham Marín Pérez]

sean escribió:
> There seems to be a lot of excessive processor usage and I am trying 
> to track down why.
>
> Is anyone able to recommend the best way to track down what is causing 
> the excess processor usage?
>
> I have not noticed anything using top.
>
>                     Thanks
>                     Sean
>
If top doesn't show up anything only two things come to my mind:

1) There's no excess processor usage
2) Someone compromised your system and maybe added an application that 
is using you cpu, but also changed top so it doesn't show this new 
application (might seem paranoid, but I've seen it before).

Abraham

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Xav']

[-- Attachment #1: Type: text/plain, Size: 917 bytes --]

Abraham Marín Pérez a écrit :
> sean escribió:
>> There seems to be a lot of excessive processor usage and I am trying
>> to track down why.
>>
>> Is anyone able to recommend the best way to track down what is causing
>> the excess processor usage?
>>
>> I have not noticed anything using top.
>>
>>                     Thanks
>>                     Sean
>>
> If top doesn't show up anything only two things come to my mind:
> 
> 1) There's no excess processor usage
> 2) Someone compromised your system and maybe added an application that
> is using you cpu, but also changed top so it doesn't show this new
> application (might seem paranoid, but I've seen it before).
> 
> Abraham
> 
If you want to check there is no such program on your system, I advice you to
try chkrootkit, to check there is no such rootkit on your system...

Regards,
Xavier Parizet

--
http://www.linuxant.fr


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: [gentoo-user] Excessive processor usage

[Duane Griffin]

On 06/08/07, sean <tech.junk@verizon.net> wrote:
> There seems to be a lot of excessive processor usage and I am trying to
> track down why.
>
> Is anyone able to recommend the best way to track down what is causing
> the excess processor usage?
>
> I have not noticed anything using top.

You might want to look at sysstat for tracking system load:
app-admin/sysstat

Oprofile will track down exactly what is happening on your box (modulo
particularly clever root-kits). It requires kernel support and can be
a bit daunting, but is very powerful:
dev-util/oprofile

>                                         Thanks
>                                         Sean

Cheers,
Duane.

-- 
"I never could learn to drink that blood and call it wine" - Bob Dylan
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[sean]

Xav' wrote:

> So how do you know there is an excessive processor usage ? Could you describe
> more precisely what you want to mean ?

Have gkrellm2 monitoring CPU usage and often for varied lengths of time 
will see a long and increased processor usage, this usually occurs on CPU1.
Things get a bit sluggish when this happens. This is a recent problem.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Volker Armin Hemmann]

On Montag, 6. August 2007, sean wrote:
> Xav' wrote:
> > So how do you know there is an excessive processor usage ? Could you
> > describe more precisely what you want to mean ?
>
> Have gkrellm2 monitoring CPU usage and often for varied lengths of time
> will see a long and increased processor usage, this usually occurs on CPU1.
> Things get a bit sluggish when this happens. This is a recent problem.

I suspect IO. Disk IO makes everything slow. Especially if swap is involved.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Hans-Werner Hilse]

Hi,

On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:

> If you want to check there is no such program on your system, I
> advice you to try chkrootkit, to check there is no such rootkit on
> your system...

To put it correctly, since there is _NO_ way to assure that there isn't
a rootkit:

chkrootkit can be used to check whether there _are_ _known_ rootkits.

BTW, there are other, similar programs that do the same.
But my point is: You can never be sure, since a hypothesis can't be
proven correct, just invalid.

If there are indications a rootkit might be present, there's no secure
way to remove it but to reinstall.

-hwh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[sean]

Hans-Werner Hilse wrote:
> Hi,
> 
> On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:
> 
>> If you want to check there is no such program on your system, I
>> advice you to try chkrootkit, to check there is no such rootkit on
>> your system...
> 
> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:
> 
> chkrootkit can be used to check whether there _are_ _known_ rootkits.
> 
> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.
> 
> If there are indications a rootkit might be present, there's no secure
> way to remove it but to reinstall.
> 
> -hwh


Hans, Xav, Thank You both, ran the root kit check no problems.

			
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[sean]

Volker Armin Hemmann wrote:
> On Montag, 6. August 2007, sean wrote:
>> Xav' wrote:
>>> So how do you know there is an excessive processor usage ? Could you
>>> describe more precisely what you want to mean ?
>> Have gkrellm2 monitoring CPU usage and often for varied lengths of time
>> will see a long and increased processor usage, this usually occurs on CPU1.
>> Things get a bit sluggish when this happens. This is a recent problem.
> 
> I suspect IO. Disk IO makes everything slow. Especially if swap is involved.

Thanks Volker,

	I will have to look this one over carefully.

		
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 435 bytes --]

On Mon, 06 Aug 2007 10:49:01 -0400, sean wrote:

> Hans, Xav, Thank You both, ran the root kit check no problems.

Which may not prove much. Rootkit detectors (I prefer rkhunter BTW) are
most effective when installed before a computer is open to infection. If
you install it on a machine that has already been rootkitted, the rootkit
may be able to conceal itself.


-- 
Neil Bothwick

Excuse for the day: daemons did it

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[gentoo-user] Re: Excessive processor usage

[James]

Hans-Werner Hilse <hilse <at> web.de> writes:

> > If you want to check there is no such program on your system, I
> > advice you to try chkrootkit, to check there is no such rootkit on
> > your system...

> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:

> chkrootkit can be used to check whether there _are_ _known_ rootkits.

> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.


Well you are right and you are wrong.
You are right for noobs.

If the person has a second system and sets up a flat hub and the
ethernet in stealth mode, you can sniff the ethernet I/O all day
long and use a variety of tools to discern if nefarious activities
abound on a given system. Sure it's a bit of work, but all hacked
systems I've ever seen use the system to ethernet I/O.  They can
encrypt that traffic, but if you know what should/not be traversing
the ethernet, there is no way to hide an actively compromised 
system. 

If the hacker scantly uses resources, and is elite, often it's the
best thing for a noob, because they keep the systems in pristine
condition....

building a gentoo based firewall, that runs off of a  non rewritable
media (CD and such) is definitely a good idea, if you want to 
control your resource utilization....


ymmv,
hth,

James



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Uwe Thiem]

On 06 August 2007, sean wrote:
> Hans-Werner Hilse wrote:
> > Hi,
> >
> > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:
> >> If you want to check there is no such program on your system, I
> >> advice you to try chkrootkit, to check there is no such rootkit on
> >> your system...
> >
> > To put it correctly, since there is _NO_ way to assure that there isn't
> > a rootkit:
> >
> > chkrootkit can be used to check whether there _are_ _known_ rootkits.
> >
> > BTW, there are other, similar programs that do the same.
> > But my point is: You can never be sure, since a hypothesis can't be
> > proven correct, just invalid.
> >
> > If there are indications a rootkit might be present, there's no secure
> > way to remove it but to reinstall.
> >
> > -hwh
>
> Hans, Xav, Thank You both, ran the root kit check no problems.

The problems remain: You can't be sure. :-(

Uwe

-- 
Jack Nicholson: My mother never saw the irony in calling me a son of a bitch.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Excessive processor usage

[Paul]

[-- Attachment #1: Type: text/plain, Size: 1274 bytes --]

so there is always an assumption

On 8/6/07, Uwe Thiem <uwix@iway.na> wrote:
>
> On 06 August 2007, sean wrote:
> > Hans-Werner Hilse wrote:
> > > Hi,
> > >
> > > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr>
> wrote:
> > >> If you want to check there is no such program on your system, I
> > >> advice you to try chkrootkit, to check there is no such rootkit on
> > >> your system...
> > >
> > > To put it correctly, since there is _NO_ way to assure that there
> isn't
> > > a rootkit:
> > >
> > > chkrootkit can be used to check whether there _are_ _known_ rootkits.
> > >
> > > BTW, there are other, similar programs that do the same.
> > > But my point is: You can never be sure, since a hypothesis can't be
> > > proven correct, just invalid.
> > >
> > > If there are indications a rootkit might be present, there's no secure
> > > way to remove it but to reinstall.
> > >
> > > -hwh
> >
> > Hans, Xav, Thank You both, ran the root kit check no problems.
>
> The problems remain: You can't be sure. :-(
>
> Uwe
>
> --
> Jack Nicholson: My mother never saw the irony in calling me a son of a
> bitch.
> --
> gentoo-user@gentoo.org mailing list
>
>


-- 
               /
              /
      \ O  /
       \/_(
.__  /   \
  __\/     )
./         (

[-- Attachment #2: Type: text/html, Size: 2173 bytes --]