| View previous topic :: View next topic |
| Author |
Message |
southsider
Guru
Joined: 05 Jul 2004
Posts: 358
|
 Posted: Wed Jan 12, 2005 4:52 pm Post subject: Random awking... am I being 0wned or what? |
 |
|
| Quote: | alex@flashpoint alex $ ps aux | grep awk
root 14639 7.0 0.1 2352 1280 ? SN 16:00 0:02 /bin/awk ??? function readline() {?? if (use_zcat || use_bzcat) {???result = (pipe_cmd | getline);???if (result < 0) {??? print "Pipe error: " pipe_cmd " " ERRNO > "/dev/stderr";???}?? } else {???result = (getline < filename);???if (result < 0) {??? print "Read file error: " filename " " ERRNO > "/dev/stderr";???}?? }?? return result;?? }?? ?? function closeline() {?? if (use_zcat || use_bzcat) {???return close(pipe_cmd);?? } else {???return close(filename);?? }?? }?? ?? function do_one() {?? insh = 0; thisjoin = 1; done = 0;?? entire_line = "";??? if (verbose) {???print "adding " filename >
"/dev/stderr"?? }?? ?? use_zcat = match(filename,"\\.Z$") ||???? match(filename,"\\.z$") || match(filename,"\\.gz$");?? if (!use_zcat)???use_bzcat = match(filename,"\\.bz2");?? if (use_zcat || use_bzcat) {???filename_no_gz = substr(filename, 0, RSTART - 1);?? } else {???filename_no_gz = filename;?? }?? match(filename_no_gz, "/[^/]+$");?? progname = substr(filename, RSTART + 1, RLENGTH - 1);?? if (match(progname, "\\." section "[A-Za-z]+")) {???actual_section = substr(progname, RSTART + 1, RLENGTH - 1);?? } else {???actual_section = section;?? }?? sub(/\..*/, "", progname);?? if (use_zcat || use_bzcat) {???if (use_zcat) {??? pipe_cmd = "zcat \"" filename "\"";???} else {??? pipe_cmd = "bzcat \"" filename "\"";???}???# try to avoid suspicious stuff???if (filename ~ /[;&|`$(]/) {??? print "ignored strange file name " filename " in " curdir > "/dev/stderr";??? return;???}??
[Ss][HhYS]/ ||??? (pages == "cat" &&??? ($1 ~ /^S[yYeE]/ || $1 ~ /^DESCRIPTION/ ||??? $1 ~ /^COMMAND/ || $1 ~ /^OVERVIEW/ ||??? $1 ~ /^STRUCTURES/ || $1 ~ /^INTRODUCTION/ ||??? $0 ~ /^[^ ]/))) {??? # end insh for Synopsis, Syntax, but also for??? # DESCRIPTION (e.g., XFree86.1x),??? # COMMAND (e.g., xspread.1)??? # OVERVIEW (e.g., TclCommandWriting.3)??? # STRUCTURES (e.g., XEvent.3x)??? # INTRODUCTION (e.g., TclX.n)??? # and anything at all that begins in Column 1, so ??? # is probably a section header.??? done = 1;??? } else {??? if ($0 ~ progname"-") { # Fix old cat pages????sub(progname"-", progname" - ");??? }??? if ($0 ~ /[^ \\]-$/) {??? sub(/-$/, "");? # Handle Hyphenations??? nextjoin = 1;??? }
else if ($0 ~ /\\c$/) {??? sub(/\\c$/, "");? # Handle Continuations??? nextjoin = 1;??? } else??? nextjoin = 0;???? sub(/^.[IB] /, ""); # Kill bold and italics??? sub(/^.BI /, ""); #??? sub(/^.SM /, ""); # Kill small??? sub(/^.Nm /, ""); # Kill bold??? sub(/^.Tn /, ""); # Kill normal?? sub(/^.Li /, ""); # Kill .Li?? sub(/^.Dq /, ""); # Kill .Dq?? sub(/^.Nd
*/, "- "); # Convert .Nd to dash??? sub(/\\\".*/, ""); # Trim pending comments??? sub(/ *$/, ""); # Trim pending spaces??? sub(/^\.$/, ""); # Kill blank comments??? sub(/^'.*/, ""); # Kill comment/troff lines??? sub(/^.in .*/, ""); # Kill various macros??? sub(/^.ti .*/, "");??? sub(/^.ta .*/, "");??? sub(/^.Vb .*/, "");??? sub(/^.[PLTH]P$/, ""); # .PP/.LP/.TP/.HP??? sub(/^.Pp$/, "");??? sub(/^.IX .*$/, "");??? sub(/^.nolinks$/, "");??? sub(/^.B$/, "");??
|
Excuse the terrible formatting I couldn't copy and paste it all at once due to Gnome clipboard being crap.
Anyway this thing started up randomly and disappeared after a minute or so. Any idea what it is? |
|
| Back to top |
|
 |
ToeiRei
Veteran
Joined: 03 Jan 2005
Posts: 1191
Location: Austria
|
| Posted: Thu Jan 13, 2005 12:45 am Post subject: |
|
|
If you feel like being hacked, you could emerge rkhunter and let it check your disc.
Rei
_________________
Please stand by - The mailer daemon is busy burning your messages in hell... |
|
| Back to top |
|
|
grant.mcdorman
Apprentice
Joined: 29 Jan 2003
Posts: 295
Location: Toronto, ON, Canada
|
| Posted: Thu Jan 13, 2005 5:45 pm Post subject: |
|
|
| No, you're not being hacked. That's /usr/sbin/makewhatis. Look in /etc/cron.dailly and /etc/cron.monthly; with my setup (vixie-cron) it's run monthly. It's also possible to run daily. |
|
| Back to top |
|
|
southsider
Guru
Joined: 05 Jul 2004
Posts: 358
|
| Posted: Thu Jan 13, 2005 7:07 pm Post subject: |
|
|
Thanks for the info!  |
|
| Back to top |
|
|
jubo
Tux's lil' helper
Joined: 30 Aug 2004
Posts: 87
|
| Posted: Fri Apr 15, 2005 11:08 pm Post subject: |
|
|
| good call! i just saw that on my box today and I thought I was getting pwned too. |
|
| Back to top |
|
|
je_fro
Retired Dev
Joined: 14 Dec 2002
Posts: 236
Location: Republic of Texas
|
| Posted: Sat Sep 17, 2005 3:20 pm Post subject: but for a day? |
|
|
So I have that same process running here every saturday, (cron.weekly) only it runs for hours and hours without quitting. my cpu is pegged at 100%.
This puppy isn't supposed to run that long, is it?
_________________
Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect.
--Linus Torvalds
My site with some gentoo config files:
http://je-fro.net/page.html |
|
| Back to top |
|
|
Taladar
Guru
Joined: 09 Oct 2004
Posts: 458
Location: Bielefeld, Germany
|
| Posted: Sat Sep 17, 2005 4:49 pm Post subject: |
|
|
| Just for people checking this thread later. Mounting something with shfs also produces similar line noisy commands in your process list, the only difference is, those start with "perl" |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
