public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Excessive processor usage
@ 2007-08-06 11:50 sean
  2007-08-06 11:56 ` Xav'
                   ` (2 more replies)
  0 siblings, 3 replies; 14+ messages in thread
From: sean @ 2007-08-06 11:50 UTC (permalink / raw
  To: gentoo-user

There seems to be a lot of excessive processor usage and I am trying to 
track down why.

Is anyone able to recommend the best way to track down what is causing 
the excess processor usage?

I have not noticed anything using top.

					Thanks
					Sean

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 11:50 [gentoo-user] Excessive processor usage sean
@ 2007-08-06 11:56 ` Xav'
  2007-08-06 12:55   ` sean
  2007-08-06 12:03 ` Abraham Marín Pérez
  2007-08-06 12:30 ` [gentoo-user] " Duane Griffin
  2 siblings, 1 reply; 14+ messages in thread
From: Xav' @ 2007-08-06 11:56 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 510 bytes --]

sean a écrit :
> There seems to be a lot of excessive processor usage and I am trying to
> track down why.
> 
> Is anyone able to recommend the best way to track down what is causing
> the excess processor usage?
> 
> I have not noticed anything using top.
So how do you know there is an excessive processor usage ? Could you describe
more precisely what you want to mean ?
> 
>                     Thanks
>                     Sean
> 

Regards,
Xavier Parizet

--
http://www.linuxant.fr


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 11:50 [gentoo-user] Excessive processor usage sean
  2007-08-06 11:56 ` Xav'
@ 2007-08-06 12:03 ` Abraham Marín Pérez
  2007-08-06 12:30   ` Xav'
  2007-08-06 12:30 ` [gentoo-user] " Duane Griffin
  2 siblings, 1 reply; 14+ messages in thread
From: Abraham Marín Pérez @ 2007-08-06 12:03 UTC (permalink / raw
  To: gentoo-user

sean escribió:
> There seems to be a lot of excessive processor usage and I am trying 
> to track down why.
>
> Is anyone able to recommend the best way to track down what is causing 
> the excess processor usage?
>
> I have not noticed anything using top.
>
>                     Thanks
>                     Sean
>
If top doesn't show up anything only two things come to my mind:

1) There's no excess processor usage
2) Someone compromised your system and maybe added an application that 
is using you cpu, but also changed top so it doesn't show this new 
application (might seem paranoid, but I've seen it before).

Abraham

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 12:03 ` Abraham Marín Pérez
@ 2007-08-06 12:30   ` Xav'
  2007-08-06 14:29     ` Hans-Werner Hilse
  0 siblings, 1 reply; 14+ messages in thread
From: Xav' @ 2007-08-06 12:30 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 917 bytes --]

Abraham Marín Pérez a écrit :
> sean escribió:
>> There seems to be a lot of excessive processor usage and I am trying
>> to track down why.
>>
>> Is anyone able to recommend the best way to track down what is causing
>> the excess processor usage?
>>
>> I have not noticed anything using top.
>>
>>                     Thanks
>>                     Sean
>>
> If top doesn't show up anything only two things come to my mind:
> 
> 1) There's no excess processor usage
> 2) Someone compromised your system and maybe added an application that
> is using you cpu, but also changed top so it doesn't show this new
> application (might seem paranoid, but I've seen it before).
> 
> Abraham
> 
If you want to check there is no such program on your system, I advice you to
try chkrootkit, to check there is no such rootkit on your system...

Regards,
Xavier Parizet

--
http://www.linuxant.fr


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 11:50 [gentoo-user] Excessive processor usage sean
  2007-08-06 11:56 ` Xav'
  2007-08-06 12:03 ` Abraham Marín Pérez
@ 2007-08-06 12:30 ` Duane Griffin
  2 siblings, 0 replies; 14+ messages in thread
From: Duane Griffin @ 2007-08-06 12:30 UTC (permalink / raw
  To: gentoo-user

On 06/08/07, sean <tech.junk@verizon.net> wrote:
> There seems to be a lot of excessive processor usage and I am trying to
> track down why.
>
> Is anyone able to recommend the best way to track down what is causing
> the excess processor usage?
>
> I have not noticed anything using top.

You might want to look at sysstat for tracking system load:
app-admin/sysstat

Oprofile will track down exactly what is happening on your box (modulo
particularly clever root-kits). It requires kernel support and can be
a bit daunting, but is very powerful:
dev-util/oprofile

>                                         Thanks
>                                         Sean

Cheers,
Duane.

-- 
"I never could learn to drink that blood and call it wine" - Bob Dylan
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 11:56 ` Xav'
@ 2007-08-06 12:55   ` sean
  2007-08-06 13:55     ` Volker Armin Hemmann
  0 siblings, 1 reply; 14+ messages in thread
From: sean @ 2007-08-06 12:55 UTC (permalink / raw
  To: gentoo-user

Xav' wrote:

> So how do you know there is an excessive processor usage ? Could you describe
> more precisely what you want to mean ?

Have gkrellm2 monitoring CPU usage and often for varied lengths of time 
will see a long and increased processor usage, this usually occurs on CPU1.
Things get a bit sluggish when this happens. This is a recent problem.

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 12:55   ` sean
@ 2007-08-06 13:55     ` Volker Armin Hemmann
  2007-08-06 14:49       ` sean
  0 siblings, 1 reply; 14+ messages in thread
From: Volker Armin Hemmann @ 2007-08-06 13:55 UTC (permalink / raw
  To: gentoo-user

On Montag, 6. August 2007, sean wrote:
> Xav' wrote:
> > So how do you know there is an excessive processor usage ? Could you
> > describe more precisely what you want to mean ?
>
> Have gkrellm2 monitoring CPU usage and often for varied lengths of time
> will see a long and increased processor usage, this usually occurs on CPU1.
> Things get a bit sluggish when this happens. This is a recent problem.

I suspect IO. Disk IO makes everything slow. Especially if swap is involved.
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 12:30   ` Xav'
@ 2007-08-06 14:29     ` Hans-Werner Hilse
  2007-08-06 14:49       ` sean
  2007-08-06 17:36       ` [gentoo-user] " James
  0 siblings, 2 replies; 14+ messages in thread
From: Hans-Werner Hilse @ 2007-08-06 14:29 UTC (permalink / raw
  To: gentoo-user

Hi,

On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:

> If you want to check there is no such program on your system, I
> advice you to try chkrootkit, to check there is no such rootkit on
> your system...

To put it correctly, since there is _NO_ way to assure that there isn't
a rootkit:

chkrootkit can be used to check whether there _are_ _known_ rootkits.

BTW, there are other, similar programs that do the same.
But my point is: You can never be sure, since a hypothesis can't be
proven correct, just invalid.

If there are indications a rootkit might be present, there's no secure
way to remove it but to reinstall.

-hwh
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 14:29     ` Hans-Werner Hilse
@ 2007-08-06 14:49       ` sean
  2007-08-06 15:14         ` Neil Bothwick
  2007-08-06 18:09         ` Uwe Thiem
  2007-08-06 17:36       ` [gentoo-user] " James
  1 sibling, 2 replies; 14+ messages in thread
From: sean @ 2007-08-06 14:49 UTC (permalink / raw
  To: gentoo-user

Hans-Werner Hilse wrote:
> Hi,
> 
> On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:
> 
>> If you want to check there is no such program on your system, I
>> advice you to try chkrootkit, to check there is no such rootkit on
>> your system...
> 
> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:
> 
> chkrootkit can be used to check whether there _are_ _known_ rootkits.
> 
> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.
> 
> If there are indications a rootkit might be present, there's no secure
> way to remove it but to reinstall.
> 
> -hwh


Hans, Xav, Thank You both, ran the root kit check no problems.

			
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 13:55     ` Volker Armin Hemmann
@ 2007-08-06 14:49       ` sean
  0 siblings, 0 replies; 14+ messages in thread
From: sean @ 2007-08-06 14:49 UTC (permalink / raw
  To: gentoo-user

Volker Armin Hemmann wrote:
> On Montag, 6. August 2007, sean wrote:
>> Xav' wrote:
>>> So how do you know there is an excessive processor usage ? Could you
>>> describe more precisely what you want to mean ?
>> Have gkrellm2 monitoring CPU usage and often for varied lengths of time
>> will see a long and increased processor usage, this usually occurs on CPU1.
>> Things get a bit sluggish when this happens. This is a recent problem.
> 
> I suspect IO. Disk IO makes everything slow. Especially if swap is involved.

Thanks Volker,

	I will have to look this one over carefully.

		
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 14:49       ` sean
@ 2007-08-06 15:14         ` Neil Bothwick
  2007-08-06 18:09         ` Uwe Thiem
  1 sibling, 0 replies; 14+ messages in thread
From: Neil Bothwick @ 2007-08-06 15:14 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 435 bytes --]

On Mon, 06 Aug 2007 10:49:01 -0400, sean wrote:

> Hans, Xav, Thank You both, ran the root kit check no problems.

Which may not prove much. Rootkit detectors (I prefer rkhunter BTW) are
most effective when installed before a computer is open to infection. If
you install it on a machine that has already been rootkitted, the rootkit
may be able to conceal itself.


-- 
Neil Bothwick

Excuse for the day: daemons did it

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [gentoo-user]  Re: Excessive processor usage
  2007-08-06 14:29     ` Hans-Werner Hilse
  2007-08-06 14:49       ` sean
@ 2007-08-06 17:36       ` James
  1 sibling, 0 replies; 14+ messages in thread
From: James @ 2007-08-06 17:36 UTC (permalink / raw
  To: gentoo-user

Hans-Werner Hilse <hilse <at> web.de> writes:

> > If you want to check there is no such program on your system, I
> > advice you to try chkrootkit, to check there is no such rootkit on
> > your system...

> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:

> chkrootkit can be used to check whether there _are_ _known_ rootkits.

> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.


Well you are right and you are wrong.
You are right for noobs.

If the person has a second system and sets up a flat hub and the
ethernet in stealth mode, you can sniff the ethernet I/O all day
long and use a variety of tools to discern if nefarious activities
abound on a given system. Sure it's a bit of work, but all hacked
systems I've ever seen use the system to ethernet I/O.  They can
encrypt that traffic, but if you know what should/not be traversing
the ethernet, there is no way to hide an actively compromised 
system. 

If the hacker scantly uses resources, and is elite, often it's the
best thing for a noob, because they keep the systems in pristine
condition....

building a gentoo based firewall, that runs off of a  non rewritable
media (CD and such) is definitely a good idea, if you want to 
control your resource utilization....


ymmv,
hth,

James



-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 14:49       ` sean
  2007-08-06 15:14         ` Neil Bothwick
@ 2007-08-06 18:09         ` Uwe Thiem
  2007-08-06 18:16           ` Paul
  1 sibling, 1 reply; 14+ messages in thread
From: Uwe Thiem @ 2007-08-06 18:09 UTC (permalink / raw
  To: gentoo-user

On 06 August 2007, sean wrote:
> Hans-Werner Hilse wrote:
> > Hi,
> >
> > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr> wrote:
> >> If you want to check there is no such program on your system, I
> >> advice you to try chkrootkit, to check there is no such rootkit on
> >> your system...
> >
> > To put it correctly, since there is _NO_ way to assure that there isn't
> > a rootkit:
> >
> > chkrootkit can be used to check whether there _are_ _known_ rootkits.
> >
> > BTW, there are other, similar programs that do the same.
> > But my point is: You can never be sure, since a hypothesis can't be
> > proven correct, just invalid.
> >
> > If there are indications a rootkit might be present, there's no secure
> > way to remove it but to reinstall.
> >
> > -hwh
>
> Hans, Xav, Thank You both, ran the root kit check no problems.

The problems remain: You can't be sure. :-(

Uwe

-- 
Jack Nicholson: My mother never saw the irony in calling me a son of a bitch.
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [gentoo-user] Excessive processor usage
  2007-08-06 18:09         ` Uwe Thiem
@ 2007-08-06 18:16           ` Paul
  0 siblings, 0 replies; 14+ messages in thread
From: Paul @ 2007-08-06 18:16 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1274 bytes --]

so there is always an assumption

On 8/6/07, Uwe Thiem <uwix@iway.na> wrote:
>
> On 06 August 2007, sean wrote:
> > Hans-Werner Hilse wrote:
> > > Hi,
> > >
> > > On Mon, 06 Aug 2007 14:30:01 +0200 "Xav'" <blackhawk@linuxant.fr>
> wrote:
> > >> If you want to check there is no such program on your system, I
> > >> advice you to try chkrootkit, to check there is no such rootkit on
> > >> your system...
> > >
> > > To put it correctly, since there is _NO_ way to assure that there
> isn't
> > > a rootkit:
> > >
> > > chkrootkit can be used to check whether there _are_ _known_ rootkits.
> > >
> > > BTW, there are other, similar programs that do the same.
> > > But my point is: You can never be sure, since a hypothesis can't be
> > > proven correct, just invalid.
> > >
> > > If there are indications a rootkit might be present, there's no secure
> > > way to remove it but to reinstall.
> > >
> > > -hwh
> >
> > Hans, Xav, Thank You both, ran the root kit check no problems.
>
> The problems remain: You can't be sure. :-(
>
> Uwe
>
> --
> Jack Nicholson: My mother never saw the irony in calling me a son of a
> bitch.
> --
> gentoo-user@gentoo.org mailing list
>
>


-- 
               /
              /
      \ O  /
       \/_(
.__  /   \
  __\/     )
./         (

[-- Attachment #2: Type: text/html, Size: 2173 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2007-08-06 18:28 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-06 11:50 [gentoo-user] Excessive processor usage sean
2007-08-06 11:56 ` Xav'
2007-08-06 12:55   ` sean
2007-08-06 13:55     ` Volker Armin Hemmann
2007-08-06 14:49       ` sean
2007-08-06 12:03 ` Abraham Marín Pérez
2007-08-06 12:30   ` Xav'
2007-08-06 14:29     ` Hans-Werner Hilse
2007-08-06 14:49       ` sean
2007-08-06 15:14         ` Neil Bothwick
2007-08-06 18:09         ` Uwe Thiem
2007-08-06 18:16           ` Paul
2007-08-06 17:36       ` [gentoo-user] " James
2007-08-06 12:30 ` [gentoo-user] " Duane Griffin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox