* [gentoo-user] Excessive processor usage
@ 2007-08-06 11:50 sean
2007-08-06 11:56 ` Xav'
` (2 more replies)
0 siblings, 3 replies; 14+ messages in thread
From: sean @ 2007-08-06 11:50 UTC (permalink / raw
To: gentoo-user
There seems to be a lot of excessive processor usage and I am trying to
track down why.
Is anyone able to recommend the best way to track down what is causing
the excess processor usage?
I have not noticed anything using top.
Thanks
Sean
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 14+ messages in thread* Re: [gentoo-user] Excessive processor usage 2007-08-06 11:50 [gentoo-user] Excessive processor usage sean @ 2007-08-06 11:56 ` Xav' 2007-08-06 12:55 ` sean 2007-08-06 12:03 ` Abraham Marín Pérez 2007-08-06 12:30 ` [gentoo-user] " Duane Griffin 2 siblings, 1 reply; 14+ messages in thread From: Xav' @ 2007-08-06 11:56 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: text/plain, Size: 510 bytes --] sean a écrit : > There seems to be a lot of excessive processor usage and I am trying to > track down why. > > Is anyone able to recommend the best way to track down what is causing > the excess processor usage? > > I have not noticed anything using top. So how do you know there is an excessive processor usage ? Could you describe more precisely what you want to mean ? > > Thanks > Sean > Regards, Xavier Parizet -- http://www.linuxant.fr [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 252 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 11:56 ` Xav' @ 2007-08-06 12:55 ` sean 2007-08-06 13:55 ` Volker Armin Hemmann 0 siblings, 1 reply; 14+ messages in thread From: sean @ 2007-08-06 12:55 UTC (permalink / raw To: gentoo-user Xav' wrote: > So how do you know there is an excessive processor usage ? Could you describe > more precisely what you want to mean ? Have gkrellm2 monitoring CPU usage and often for varied lengths of time will see a long and increased processor usage, this usually occurs on CPU1. Things get a bit sluggish when this happens. This is a recent problem. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 12:55 ` sean @ 2007-08-06 13:55 ` Volker Armin Hemmann 2007-08-06 14:49 ` sean 0 siblings, 1 reply; 14+ messages in thread From: Volker Armin Hemmann @ 2007-08-06 13:55 UTC (permalink / raw To: gentoo-user On Montag, 6. August 2007, sean wrote: > Xav' wrote: > > So how do you know there is an excessive processor usage ? Could you > > describe more precisely what you want to mean ? > > Have gkrellm2 monitoring CPU usage and often for varied lengths of time > will see a long and increased processor usage, this usually occurs on CPU1. > Things get a bit sluggish when this happens. This is a recent problem. I suspect IO. Disk IO makes everything slow. Especially if swap is involved. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 13:55 ` Volker Armin Hemmann @ 2007-08-06 14:49 ` sean 0 siblings, 0 replies; 14+ messages in thread From: sean @ 2007-08-06 14:49 UTC (permalink / raw To: gentoo-user Volker Armin Hemmann wrote: > On Montag, 6. August 2007, sean wrote: >> Xav' wrote: >>> So how do you know there is an excessive processor usage ? Could you >>> describe more precisely what you want to mean ? >> Have gkrellm2 monitoring CPU usage and often for varied lengths of time >> will see a long and increased processor usage, this usually occurs on CPU1. >> Things get a bit sluggish when this happens. This is a recent problem. > > I suspect IO. Disk IO makes everything slow. Especially if swap is involved. Thanks Volker, I will have to look this one over carefully. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 11:50 [gentoo-user] Excessive processor usage sean 2007-08-06 11:56 ` Xav' @ 2007-08-06 12:03 ` Abraham Marín Pérez 2007-08-06 12:30 ` Xav' 2007-08-06 12:30 ` [gentoo-user] " Duane Griffin 2 siblings, 1 reply; 14+ messages in thread From: Abraham Marín Pérez @ 2007-08-06 12:03 UTC (permalink / raw To: gentoo-user sean escribió: > There seems to be a lot of excessive processor usage and I am trying > to track down why. > > Is anyone able to recommend the best way to track down what is causing > the excess processor usage? > > I have not noticed anything using top. > > Thanks > Sean > If top doesn't show up anything only two things come to my mind: 1) There's no excess processor usage 2) Someone compromised your system and maybe added an application that is using you cpu, but also changed top so it doesn't show this new application (might seem paranoid, but I've seen it before). Abraham -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 12:03 ` Abraham Marín Pérez @ 2007-08-06 12:30 ` Xav' 2007-08-06 14:29 ` Hans-Werner Hilse 0 siblings, 1 reply; 14+ messages in thread From: Xav' @ 2007-08-06 12:30 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: text/plain, Size: 917 bytes --] Abraham Marín Pérez a écrit : > sean escribió: >> There seems to be a lot of excessive processor usage and I am trying >> to track down why. >> >> Is anyone able to recommend the best way to track down what is causing >> the excess processor usage? >> >> I have not noticed anything using top. >> >> Thanks >> Sean >> > If top doesn't show up anything only two things come to my mind: > > 1) There's no excess processor usage > 2) Someone compromised your system and maybe added an application that > is using you cpu, but also changed top so it doesn't show this new > application (might seem paranoid, but I've seen it before). > > Abraham > If you want to check there is no such program on your system, I advice you to try chkrootkit, to check there is no such rootkit on your system... Regards, Xavier Parizet -- http://www.linuxant.fr [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 252 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 12:30 ` Xav' @ 2007-08-06 14:29 ` Hans-Werner Hilse 2007-08-06 14:49 ` sean 2007-08-06 17:36 ` [gentoo-user] " James 0 siblings, 2 replies; 14+ messages in thread From: Hans-Werner Hilse @ 2007-08-06 14:29 UTC (permalink / raw To: gentoo-user Hi, On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote: > If you want to check there is no such program on your system, I > advice you to try chkrootkit, to check there is no such rootkit on > your system... To put it correctly, since there is _NO_ way to assure that there isn't a rootkit: chkrootkit can be used to check whether there _are_ _known_ rootkits. BTW, there are other, similar programs that do the same. But my point is: You can never be sure, since a hypothesis can't be proven correct, just invalid. If there are indications a rootkit might be present, there's no secure way to remove it but to reinstall. -hwh -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 14:29 ` Hans-Werner Hilse @ 2007-08-06 14:49 ` sean 2007-08-06 15:14 ` Neil Bothwick 2007-08-06 18:09 ` Uwe Thiem 2007-08-06 17:36 ` [gentoo-user] " James 1 sibling, 2 replies; 14+ messages in thread From: sean @ 2007-08-06 14:49 UTC (permalink / raw To: gentoo-user Hans-Werner Hilse wrote: > Hi, > > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote: > >> If you want to check there is no such program on your system, I >> advice you to try chkrootkit, to check there is no such rootkit on >> your system... > > To put it correctly, since there is _NO_ way to assure that there isn't > a rootkit: > > chkrootkit can be used to check whether there _are_ _known_ rootkits. > > BTW, there are other, similar programs that do the same. > But my point is: You can never be sure, since a hypothesis can't be > proven correct, just invalid. > > If there are indications a rootkit might be present, there's no secure > way to remove it but to reinstall. > > -hwh Hans, Xav, Thank You both, ran the root kit check no problems. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 14:49 ` sean @ 2007-08-06 15:14 ` Neil Bothwick 2007-08-06 18:09 ` Uwe Thiem 1 sibling, 0 replies; 14+ messages in thread From: Neil Bothwick @ 2007-08-06 15:14 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: text/plain, Size: 435 bytes --] On Mon, 06 Aug 2007 10:49:01 -0400, sean wrote: > Hans, Xav, Thank You both, ran the root kit check no problems. Which may not prove much. Rootkit detectors (I prefer rkhunter BTW) are most effective when installed before a computer is open to infection. If you install it on a machine that has already been rootkitted, the rootkit may be able to conceal itself. -- Neil Bothwick Excuse for the day: daemons did it [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 14:49 ` sean 2007-08-06 15:14 ` Neil Bothwick @ 2007-08-06 18:09 ` Uwe Thiem 2007-08-06 18:16 ` Paul 1 sibling, 1 reply; 14+ messages in thread From: Uwe Thiem @ 2007-08-06 18:09 UTC (permalink / raw To: gentoo-user On 06 August 2007, sean wrote: > Hans-Werner Hilse wrote: > > Hi, > > > > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote: > >> If you want to check there is no such program on your system, I > >> advice you to try chkrootkit, to check there is no such rootkit on > >> your system... > > > > To put it correctly, since there is _NO_ way to assure that there isn't > > a rootkit: > > > > chkrootkit can be used to check whether there _are_ _known_ rootkits. > > > > BTW, there are other, similar programs that do the same. > > But my point is: You can never be sure, since a hypothesis can't be > > proven correct, just invalid. > > > > If there are indications a rootkit might be present, there's no secure > > way to remove it but to reinstall. > > > > -hwh > > Hans, Xav, Thank You both, ran the root kit check no problems. The problems remain: You can't be sure. :-( Uwe -- Jack Nicholson: My mother never saw the irony in calling me a son of a bitch. -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 18:09 ` Uwe Thiem @ 2007-08-06 18:16 ` Paul 0 siblings, 0 replies; 14+ messages in thread From: Paul @ 2007-08-06 18:16 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: text/plain, Size: 1274 bytes --] so there is always an assumption On 8/6/07, Uwe Thiem <uwix@iway.na> wrote: > > On 06 August 2007, sean wrote: > > Hans-Werner Hilse wrote: > > > Hi, > > > > > > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> > wrote: > > >> If you want to check there is no such program on your system, I > > >> advice you to try chkrootkit, to check there is no such rootkit on > > >> your system... > > > > > > To put it correctly, since there is _NO_ way to assure that there > isn't > > > a rootkit: > > > > > > chkrootkit can be used to check whether there _are_ _known_ rootkits. > > > > > > BTW, there are other, similar programs that do the same. > > > But my point is: You can never be sure, since a hypothesis can't be > > > proven correct, just invalid. > > > > > > If there are indications a rootkit might be present, there's no secure > > > way to remove it but to reinstall. > > > > > > -hwh > > > > Hans, Xav, Thank You both, ran the root kit check no problems. > > The problems remain: You can't be sure. :-( > > Uwe > > -- > Jack Nicholson: My mother never saw the irony in calling me a son of a > bitch. > -- > gentoo-user@gentoo.org mailing list > > -- / / \ O / \/_( .__ / \ __\/ ) ./ ( [-- Attachment #2: Type: text/html, Size: 2173 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [gentoo-user] Re: Excessive processor usage 2007-08-06 14:29 ` Hans-Werner Hilse 2007-08-06 14:49 ` sean @ 2007-08-06 17:36 ` James 1 sibling, 0 replies; 14+ messages in thread From: James @ 2007-08-06 17:36 UTC (permalink / raw To: gentoo-user Hans-Werner Hilse <hilse <at> web.de> writes: > > If you want to check there is no such program on your system, I > > advice you to try chkrootkit, to check there is no such rootkit on > > your system... > To put it correctly, since there is _NO_ way to assure that there isn't > a rootkit: > chkrootkit can be used to check whether there _are_ _known_ rootkits. > BTW, there are other, similar programs that do the same. > But my point is: You can never be sure, since a hypothesis can't be > proven correct, just invalid. Well you are right and you are wrong. You are right for noobs. If the person has a second system and sets up a flat hub and the ethernet in stealth mode, you can sniff the ethernet I/O all day long and use a variety of tools to discern if nefarious activities abound on a given system. Sure it's a bit of work, but all hacked systems I've ever seen use the system to ethernet I/O. They can encrypt that traffic, but if you know what should/not be traversing the ethernet, there is no way to hide an actively compromised system. If the hacker scantly uses resources, and is elite, often it's the best thing for a noob, because they keep the systems in pristine condition.... building a gentoo based firewall, that runs off of a non rewritable media (CD and such) is definitely a good idea, if you want to control your resource utilization.... ymmv, hth, James -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [gentoo-user] Excessive processor usage 2007-08-06 11:50 [gentoo-user] Excessive processor usage sean 2007-08-06 11:56 ` Xav' 2007-08-06 12:03 ` Abraham Marín Pérez @ 2007-08-06 12:30 ` Duane Griffin 2 siblings, 0 replies; 14+ messages in thread From: Duane Griffin @ 2007-08-06 12:30 UTC (permalink / raw To: gentoo-user On 06/08/07, sean <tech.junk@verizon.net> wrote: > There seems to be a lot of excessive processor usage and I am trying to > track down why. > > Is anyone able to recommend the best way to track down what is causing > the excess processor usage? > > I have not noticed anything using top. You might want to look at sysstat for tracking system load: app-admin/sysstat Oprofile will track down exactly what is happening on your box (modulo particularly clever root-kits). It requires kernel support and can be a bit daunting, but is very powerful: dev-util/oprofile > Thanks > Sean Cheers, Duane. -- "I never could learn to drink that blood and call it wine" - Bob Dylan -- gentoo-user@gentoo.org mailing list ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2007-08-06 18:28 UTC | newest] Thread overview: 14+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2007-08-06 11:50 [gentoo-user] Excessive processor usage sean 2007-08-06 11:56 ` Xav' 2007-08-06 12:55 ` sean 2007-08-06 13:55 ` Volker Armin Hemmann 2007-08-06 14:49 ` sean 2007-08-06 12:03 ` Abraham Marín Pérez 2007-08-06 12:30 ` Xav' 2007-08-06 14:29 ` Hans-Werner Hilse 2007-08-06 14:49 ` sean 2007-08-06 15:14 ` Neil Bothwick 2007-08-06 18:09 ` Uwe Thiem 2007-08-06 18:16 ` Paul 2007-08-06 17:36 ` [gentoo-user] " James 2007-08-06 12:30 ` [gentoo-user] " Duane Griffin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox