Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#1 2020-04-15 17:31:12
Blackhole - 
Użytkownik
Mój VPS podobno atakuje
Hej!
Migruję właśnie VPS i zrobiłem upgrade do Debian-a 10.
Od dostawcy VPS-a dostałem dziś info, że z mojego VPS wykonywane są ataki (brute force) na inne serwery.
Przysłał mi logi (moje IP zamieniłem na ciąg <IP mego VPS-a>):
Hello,
This is an automated message. The information provided below is to assist you in tracking down abusive behavior.
The IP address <IP mego VPS-a> has been found to be abusive toward our servers and has been banned from our network.
The following log entries are provided to assist you with tracking down any problems.
Apr 13 23:47:13 deckard sshd[2628253]: Invalid user ts3server from <IP mego VPS-a>
Apr 13 23:47:13 deckard sshd[2628253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a>
Apr 13 23:47:14 deckard sshd[2628253]: Failed password for invalid user ts3server from <IP mego VPS-a> port 53176 ssh2
Apr 13 23:55:46 deckard sshd[2630490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 13 23:55:48 deckard sshd[2630490]: Failed password for root from <IP mego VPS-a> port 56396 ssh2
Apr 14 15:51:26 bryant sshd[1805731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 14 15:51:28 bryant sshd[1805731]: Failed password for root from <IP mego VPS-a> port 37020 ssh2
Apr 14 16:01:57 bryant sshd[1809298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 14 16:01:59 bryant sshd[1809298]: Failed password for root from <IP mego VPS-a> port 41528 ssh2
Apr 14 16:05:56 bryant sshd[1810365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 14 15:57:05 rachael sshd[3395958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 14 15:57:07 rachael sshd[3395958]: Failed password for root from <IP mego VPS-a> port 57018 ssh2
Apr 14 16:03:18 rachael sshd[3397624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 14 16:03:20 rachael sshd[3397624]: Failed password for root from <IP mego VPS-a> port 38596 ssh2
Apr 14 16:07:20 rachael sshd[3399336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
If you require additional information, it can be requested from abuse@liquidweb.com
-----------------------
Dear Sir/Madam,
We have detected abuse from the IP address ( <IP mego VPS-a> ), which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate. Any feedback is welcome but not mandatory.
Log lines are given below, but please ask if you require any further information.
(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)
IP of the attacker: <IP mego VPS-a>
You can contact us by using: abuse-reply@keyweb.de
Addresses to send to:
abuse@artnet.pl
==================== Excerpt from log for <IP mego VPS-a> ====================
Note: Local timezone is +0200 (CEST)
Apr 15 00:14:49 shared01 sshd[13957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 15 00:14:51 shared01 sshd[13957]: Failed password for root from <IP mego VPS-a> port 58154 ssh2
Apr 15 00:14:52 shared01 sshd[13957]: Received disconnect from <IP mego VPS-a> port 58154:11: Bye Bye [preauth]
Apr 15 00:14:52 shared01 sshd[13957]: Disconnected from authenticating user root <IP mego VPS-a> port 58154 [preauth]
Apr 15 00:18:48 shared01 sshd[15665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<IP mego VPS-a> user=root
Apr 15 00:18:50 shared01 sshd[15665]: Failed password for root from <IP mego VPS-a> port 40152 ssh2
Apr 15 00:18:50 shared01 sshd[15665]: Received disconnect from <IP mego VPS-a> port 40152:11: Bye Bye [preauth]
Apr 15 00:18:50 shared01 sshd[15665]: Disconnected from authenticating user root <IP mego VPS-a> port 40152 [preauth]
-----------------------
---------- Forwarded message ----------
Date: Wed, 15 Apr 2020 08:05:22
From: abuse+noreply@profihost.com
Reply-To: noc@profihost.ag
To: abuse@artnet.pl
Subject: SPAM brute-force from your network / domain (<IP mego VPS-a>)
An attempt to brute-force account passwords over SSH/FTP by a machine in your domain or in your network has been detected. Attached are the host who attacks and time / date of activity. Please take the necessary action(s) to stop this activity immediately. If you have any questions please reply to this email.
Host of attacker: <IP mego VPS-a> => <IP mego VPS-a> => <IP mego VPS-a>
Responsible email contacts: abuse@artnet.pl
Attacked hosts in our Network: 77.75.250.79, 37.228.159.101, 185.39.223.20, 178.250.12.103, 178.250.10.54, 77.75.255.143, 178.250.12.137, 185.39.221.214
Logfile entries (time is MET / GMT+1):
Wed Apr 15 08:04:35 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 08:01:25 2020: user: exx service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 07:58:15 2020: user: default service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 07:54:55 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 07:51:45 2020: user: butter service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 07:29:45 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Wed Apr 15 05:54:56 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 05:51:36 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 05:47:56 2020: user: craft service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 05:44:26 2020: user: smartshare service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 05:34:16 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 00:20:45 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 00:17:05 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Wed Apr 15 00:06:55 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 20:22:47 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:19:37 2020: user: musicyxy service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:16:27 2020: user: b service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:13:27 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:10:27 2020: user: root service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:07:27 2020: user: ppldtepe service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 20:04:27 2020: user: mcUser service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 19:52:36 2020: user: admin service: ssh target: 185.39.223.20 source: <IP mego VPS-a>
Tue Apr 14 17:15:04 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 17:11:14 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 17:05:14 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:38:52 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:36:42 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:34:32 2020: user: root service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:32:22 2020: user: admin service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:30:12 2020: user: ffff service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 08:23:02 2020: user: applmgr service: ssh target: 77.75.250.79 source: <IP mego VPS-a>
Tue Apr 14 05:57:36 2020: user: root service: ssh target: 178.250.12.103 source: <IP mego VPS-a>
Tue Apr 14 05:56:26 2020: user: root service: ssh target: 178.250.12.137 source: <IP mego VPS-a>
Tue Apr 14 05:56:16 2020: user: root service: ssh target: 77.75.255.143 source: <IP mego VPS-a>
Tue Apr 14 05:56:09 2020: user: root service: ssh target: 178.250.10.54 source: <IP mego VPS-a>
Tue Apr 14 05:56:06 2020: user: root service: ssh target: 37.228.159.101 source: <IP mego VPS-a>
Tue Apr 14 05:55:36 2020: user: root service: ssh target: 185.39.221.214 source: <IP mego VPS-a>
Tue Apr 14 05:54:06 2020: user: ts3server service: ssh target: 178.250.12.103 source: <IP mego VPS-a>
Tue Apr 14 05:49:36 2020: user: ts3server service: ssh target: 178.250.12.137 source: <IP mego VPS-a>
Tue Apr 14 05:49:06 2020: user: ts3server service: ssh target: 77.75.255.143 source: <IP mego VPS-a>
Tue Apr 14 05:48:26 2020: user: ts3server service: ssh target: 37.228.159.101 source: <IP mego VPS-a>
Tue Apr 14 05:48:08 2020: user: ts3server service: ssh target: 178.250.10.54 source: <IP mego VPS-a>
Tue Apr 14 05:46:16 2020: user: ts3server service: ssh target: 185.39.221.214 source: <IP mego VPS-a>
Regards,
Profihost AG Team
Jak sprawdzić, jaki program dokonywał tego? Gdzie znaleźć logi?
Bardzo proszę o pomoc. Dostawca VPS-a chce ode mnie szybkiej reakcji, a ja nie za wiele wiem o tych aspektach.
Offline
#2 2020-04-15 18:54:41
mati75 - Psuj
- mati75
- Psuj
- Skąd: masz ten towar?
- Zarejestrowany: 2010-03-14
Re: Mój VPS podobno atakuje
Coś poza teamspeakiem masz na tym vpsie? Jakieś wordpressy czy inne cuda? Zrób zrzut wszystkie poleceń:
Kod:
ps aux -L
Offline
#3 2020-04-15 19:42:04
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Wynik
Kod:
ps aux -L
Kod:
USER PID LWP %CPU NLWP %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 1 0.0 1 0.3 170860 7436 ? Ss kwi05 0:49 /sbin/init root 2 2 0.0 1 0.0 0 0 ? S kwi05 0:00 [kthreadd] root 3 3 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rcu_gp] root 4 4 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rcu_par_gp] root 6 6 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kworker/0:0H-kblockd] root 8 8 0.0 1 0.0 0 0 ? I< kwi05 0:00 [mm_percpu_wq] root 9 9 0.0 1 0.0 0 0 ? S kwi05 10:30 [ksoftirqd/0] root 10 10 0.1 1 0.0 0 0 ? I kwi05 17:53 [rcu_sched] root 11 11 0.0 1 0.0 0 0 ? I kwi05 0:00 [rcu_bh] root 12 12 0.0 1 0.0 0 0 ? S kwi05 0:01 [migration/0] root 14 14 0.0 1 0.0 0 0 ? S kwi05 0:00 [cpuhp/0] root 15 15 0.0 1 0.0 0 0 ? S kwi05 0:00 [kdevtmpfs] root 16 16 0.0 1 0.0 0 0 ? I< kwi05 0:00 [netns] root 17 17 0.0 1 0.0 0 0 ? S kwi05 0:00 [kauditd] root 18 18 0.0 1 0.0 0 0 ? S kwi05 0:00 [khungtaskd] root 19 19 0.0 1 0.0 0 0 ? S kwi05 0:00 [oom_reaper] root 20 20 0.0 1 0.0 0 0 ? I< kwi05 0:00 [writeback] root 21 21 0.0 1 0.0 0 0 ? S kwi05 0:00 [kcompactd0] root 22 22 0.0 1 0.0 0 0 ? SN kwi05 0:00 [ksmd] root 23 23 0.0 1 0.0 0 0 ? SN kwi05 2:21 [khugepaged] root 24 24 0.0 1 0.0 0 0 ? I< kwi05 0:00 [crypto] root 25 25 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kintegrityd] root 26 26 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kblockd] root 27 27 0.0 1 0.0 0 0 ? I< kwi05 0:00 [edac-poller] root 28 28 0.0 1 0.0 0 0 ? I< kwi05 0:00 [devfreq_wq] root 29 29 0.0 1 0.0 0 0 ? S kwi05 0:00 [watchdogd] root 30 30 0.0 1 0.0 0 0 ? R kwi05 2:50 [kswapd0] root 48 48 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kthrotld] root 49 49 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ipv6_addrconf] root 59 59 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kstrp] root 100 100 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ata_sff] root 101 101 0.0 1 0.0 0 0 ? S kwi05 1:33 [scsi_eh_0] root 102 102 0.0 1 0.0 0 0 ? I< kwi05 0:00 [scsi_tmf_0] root 103 103 0.0 1 0.0 0 0 ? S kwi05 0:00 [scsi_eh_1] root 104 104 0.0 1 0.0 0 0 ? I< kwi05 0:00 [scsi_tmf_1] root 106 106 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ttm_swap] root 107 107 0.0 1 0.0 0 0 ? I< kwi05 8:38 [kworker/0:1H-kblockd] root 148 148 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kworker/u3:0] root 150 150 0.1 1 0.0 0 0 ? S kwi05 22:02 [jbd2/sda1-8] root 151 151 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ext4-rsv-conver] root 185 185 0.0 1 0.4 46164 10084 ? Ss kwi05 6:07 /lib/systemd/systemd-journald root 206 206 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rpciod] root 207 207 0.0 1 0.0 0 0 ? I< kwi05 0:00 [xprtiod] root 219 219 0.0 1 0.1 23628 2732 ? Ss kwi05 0:01 /lib/systemd/systemd-udevd systemd+ 228 228 0.0 2 0.2 95144 4536 ? Ssl kwi05 0:01 /lib/systemd/systemd-timesyncd systemd+ 228 232 0.0 2 0.2 95144 4536 ? Ssl kwi05 0:00 /lib/systemd/systemd-timesyncd _rpc 230 230 0.0 1 0.1 6896 2532 ? Ss kwi05 0:01 /sbin/rpcbind -f -w root 358 358 0.0 3 0.2 239128 4204 ? Ssl kwi05 0:01 /usr/lib/accountsservice/accounts-daemon root 358 386 0.0 3 0.2 239128 4204 ? Ssl kwi05 0:55 /usr/lib/accountsservice/accounts-daemon root 358 399 0.0 3 0.2 239128 4204 ? Ssl kwi05 0:00 /usr/lib/accountsservice/accounts-daemon root 360 360 0.0 4 0.1 226024 3172 ? Ssl kwi05 0:00 /usr/sbin/rsyslogd -n -iNONE root 360 390 0.0 4 0.1 226024 3172 ? Ssl kwi05 0:22 /usr/sbin/rsyslogd -n -iNONE root 360 391 0.0 4 0.1 226024 3172 ? Ssl kwi05 0:00 /usr/sbin/rsyslogd -n -iNONE root 360 392 0.0 4 0.1 226024 3172 ? Ssl kwi05 0:27 /usr/sbin/rsyslogd -n -iNONE root 368 368 0.0 1 0.1 8700 2176 ? Ss kwi05 0:03 /usr/sbin/cron -f root 369 369 0.0 5 0.2 398848 4732 ? Ssl kwi05 0:01 /usr/lib/udisks2/udisksd root 369 387 0.0 5 0.2 398848 4732 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 400 0.0 5 0.2 398848 4732 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 480 0.0 5 0.2 398848 4732 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 569 0.0 5 0.2 398848 4732 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 370 370 0.0 1 0.2 19968 4912 ? Ss kwi05 0:03 /lib/systemd/systemd-logind rtkit 372 372 0.0 3 0.1 152844 2168 ? SNsl kwi05 0:00 /usr/lib/rtkit/rtkit-daemon rtkit 372 403 0.0 3 0.1 152844 2168 ? Ssl kwi05 0:04 /usr/lib/rtkit/rtkit-daemon rtkit 372 404 0.0 3 0.1 152844 2168 ? SNsl kwi05 0:02 /usr/lib/rtkit/rtkit-daemon root 376 376 0.0 1 0.0 2324 660 ? Ss kwi05 0:00 /usr/sbin/acpid root 377 377 0.0 3 0.1 318336 3464 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict root 377 395 0.0 3 0.1 318336 3464 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict root 377 401 0.0 3 0.1 318336 3464 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict message+ 378 378 0.0 1 0.2 10648 4176 ? Ss kwi05 1:03 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only root 379 379 0.0 3 0.1 333384 3748 ? Ssl kwi05 0:01 /usr/sbin/NetworkManager --no-daemon root 379 422 0.0 3 0.1 333384 3748 ? Ssl kwi05 0:08 /usr/sbin/NetworkManager --no-daemon root 379 432 0.0 3 0.1 333384 3748 ? Ssl kwi05 0:00 /usr/sbin/NetworkManager --no-daemon root 380 380 0.0 1 0.1 19768 2440 ? Ss kwi05 0:02 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant daemon 398 398 0.0 1 0.0 5684 1796 ? Ss kwi05 0:00 /usr/sbin/atd -f root 415 415 0.0 3 0.2 237752 5996 ? Ssl kwi05 0:07 /usr/lib/policykit-1/polkitd --no-debug root 415 423 0.0 3 0.2 237752 5996 ? Ssl kwi05 0:00 /usr/lib/policykit-1/polkitd --no-debug root 415 425 0.0 3 0.2 237752 5996 ? Ssl kwi05 0:20 /usr/lib/policykit-1/polkitd --no-debug root 465 465 0.0 3 0.1 313436 3940 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 465 510 0.0 3 0.1 313436 3940 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 465 513 0.0 3 0.1 313436 3940 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 518 518 0.0 2 1.5 341432 30688 tty7 Ssl+ kwi05 9:24 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch root 518 1023 0.0 2 1.5 341432 30688 tty7 Ssl+ kwi05 0:00 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch root 519 519 0.0 1 0.2 15948 5620 ? Ss kwi05 0:47 /usr/sbin/sshd -D mysql 561 561 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:01 /usr/sbin/mysqld mysql 561 607 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 616 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:01 /usr/sbin/mysqld mysql 561 655 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:18 /usr/sbin/mysqld mysql 561 656 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:17 /usr/sbin/mysqld mysql 561 657 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 658 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 659 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:19 /usr/sbin/mysqld mysql 561 660 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:18 /usr/sbin/mysqld mysql 561 661 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:18 /usr/sbin/mysqld mysql 561 662 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 663 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:19 /usr/sbin/mysqld mysql 561 664 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:16 /usr/sbin/mysqld mysql 561 665 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:35 /usr/sbin/mysqld mysql 561 667 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:14 /usr/sbin/mysqld mysql 561 668 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:21 /usr/sbin/mysqld mysql 561 669 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:04 /usr/sbin/mysqld mysql 561 670 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:03 /usr/sbin/mysqld mysql 561 671 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:05 /usr/sbin/mysqld mysql 561 672 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:32 /usr/sbin/mysqld mysql 561 673 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:06 /usr/sbin/mysqld mysql 561 674 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 675 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 676 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 677 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 678 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:18 /usr/sbin/mysqld mysql 561 679 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 680 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 681 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 682 0.0 30 0.5 1264784 11516 ? Ssl kwi05 0:00 /usr/sbin/mysqld root 567 567 0.0 1 0.1 9488 3380 ? S kwi05 0:00 /sbin/dhclient -d -q -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-2728ac63-3aab-42f8-a182-10 root 594 594 0.0 1 0.0 5808 1244 tty1 Ss+ kwi05 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux uuidd 879 879 0.0 1 0.0 7700 576 ? Ss kwi11 0:00 /usr/sbin/uuidd --socket-activation Debian-+ 966 966 0.0 1 0.1 22220 2112 ? Ss kwi05 0:00 /usr/sbin/exim4 -bd -q30m root 1083 1083 0.0 1 0.2 21156 5220 ? Ss kwi05 0:00 /lib/systemd/systemd --user root 1084 1084 0.0 1 0.0 105188 112 ? S kwi05 0:00 (sd-pam) www-data 2410 2410 0.0 1 1.0 334056 22236 ? S 11:40 0:00 /usr/sbin/apache2 -k start avahi 3801 3801 0.0 1 0.1 8476 2688 ? Ss kwi08 0:09 avahi-daemon: running [doscniewoli.local] avahi 3802 3802 0.0 1 0.0 8352 28 ? S kwi08 0:00 avahi-daemon: chroot helper oracle 5211 5211 0.0 1 3.8 1058176 78004 ? Ss 12:15 0:00 oracleXE (LOCAL=NO) oracle 10437 10437 0.0 2 0.4 197520 9460 ? Ssl kwi05 0:16 /opt/oracle/product/18c/dbhomeXE/bin/tnslsnr LISTENER -inherit oracle 10437 10438 0.0 2 0.4 197520 9460 ? Ssl kwi05 0:10 /opt/oracle/product/18c/dbhomeXE/bin/tnslsnr LISTENER -inherit oracle 10483 10483 0.0 1 2.9 1054712 60040 ? Ss kwi05 0:51 xe_pmon_XE oracle 10485 10485 0.0 1 2.7 1054712 56916 ? Ss kwi05 0:16 xe_clmn_XE oracle 10487 10487 0.0 1 2.7 1054712 56812 ? Ss kwi05 2:51 xe_psp0_XE oracle 10489 10489 0.0 1 2.7 1054712 56768 ? Ss kwi05 3:53 xe_vktm_XE oracle 10493 10493 0.0 1 4.1 1074188 84848 ? Ss kwi05 0:46 xe_gen0_XE oracle 10495 10495 0.0 1 5.2 1054712 106644 ? Ss kwi05 0:21 xe_mman_XE oracle 10499 10499 0.0 2 3.5 1175716 71948 ? Ssl kwi05 0:06 xe_gen1_XE oracle 10499 10500 0.0 2 3.5 1175716 71948 ? Ssl kwi05 3:19 xe_gen1_XE oracle 10502 10502 0.0 1 2.7 1054712 56724 ? Ss kwi05 0:30 xe_diag_XE oracle 10504 10504 0.0 2 2.7 1175720 56708 ? Ssl kwi05 0:05 xe_ofsd_XE oracle 10504 10505 0.0 2 2.7 1175720 56708 ? Ssl kwi05 0:05 xe_ofsd_XE oracle 10507 10507 0.0 1 4.7 1072192 98056 ? Ss kwi05 6:27 xe_dbrm_XE oracle 10509 10509 0.3 1 2.8 1054712 58748 ? Ss kwi05 49:05 xe_vkrm_XE oracle 10511 10511 0.0 1 2.7 1055224 56400 ? Ss kwi05 0:33 xe_svcb_XE oracle 10513 10513 0.0 1 2.7 1054712 57020 ? Ss kwi05 1:15 xe_pman_XE oracle 10515 10515 0.0 1 3.4 1057912 71260 ? Ss kwi05 5:37 xe_dia0_XE oracle 10517 10517 0.0 1 5.7 1076676 116652 ? Ss kwi05 3:09 xe_dbw0_XE oracle 10519 10519 0.0 1 3.0 1069708 62668 ? Ss kwi05 1:26 xe_lgwr_XE oracle 10521 10521 0.0 1 3.6 1069708 73848 ? Ss kwi05 4:22 xe_ckpt_XE oracle 10523 10523 0.0 1 6.0 1074256 124384 ? Ss kwi05 0:35 xe_smon_XE oracle 10525 10525 0.0 1 3.0 1069708 62180 ? Ss kwi05 0:45 xe_smco_XE oracle 10527 10527 0.0 1 4.5 1074196 92832 ? Ss kwi05 0:14 xe_reco_XE oracle 10529 10529 0.0 1 5.9 1092384 122536 ? Ss kwi05 0:21 xe_w000_XE oracle 10531 10531 0.0 1 3.4 1063320 71452 ? Ss kwi05 0:41 xe_lreg_XE oracle 10533 10533 0.0 1 5.3 1092388 108412 ? Ss kwi05 0:22 xe_w001_XE oracle 10535 10535 0.0 1 2.8 1069184 57316 ? Ss kwi05 0:13 xe_pxmn_XE oracle 10539 10539 0.0 1 6.6 1080596 136344 ? Ss kwi05 8:01 xe_mmon_XE oracle 10541 10541 0.0 1 4.8 1055552 98680 ? Ss kwi05 0:21 xe_mmnl_XE oracle 10543 10543 0.0 1 2.5 1059352 52928 ? Ss kwi05 0:14 xe_d000_XE oracle 10545 10545 0.0 1 2.5 1056552 52556 ? Ss kwi05 0:11 xe_s000_XE oracle 10547 10547 0.0 1 2.7 1054712 57132 ? Ss kwi05 0:10 xe_tmon_XE oracle 10558 10558 0.0 1 2.8 1092104 58840 ? Ss kwi05 0:13 xe_tt00_XE oracle 10560 10560 0.0 1 2.8 1054452 57856 ? Ss kwi05 0:07 xe_tt01_XE oracle 10562 10562 0.0 1 2.8 1054452 57712 ? Ss kwi05 0:38 xe_tt02_XE oracle 10565 10565 0.0 1 5.7 1084176 118164 ? Ss kwi05 0:19 xe_w002_XE oracle 10567 10567 0.0 1 5.9 1100644 122124 ? Ss kwi05 0:22 xe_w003_XE oracle 10569 10569 0.0 1 4.6 1080356 94804 ? Ss kwi05 0:23 xe_aqpc_XE oracle 10571 10571 0.0 1 6.0 1100620 122736 ? Ss kwi05 0:23 xe_w004_XE oracle 10577 10577 0.0 1 2.5 1054452 52788 ? Ss kwi05 0:27 xe_p000_XE oracle 10579 10579 0.0 1 3.1 1057320 63664 ? Ss kwi05 0:09 xe_qm02_XE oracle 10585 10585 0.0 1 4.0 1060084 83484 ? Ss kwi05 0:09 xe_q003_XE oracle 10791 10791 0.1 1 7.6 1117356 155640 ? Ss kwi05 24:13 xe_cjq0_XE oracle 10793 10793 0.0 1 5.7 1084196 118460 ? Ss kwi05 0:27 xe_w005_XE oracle 10891 10891 0.0 1 3.5 1057372 71940 ? Ss kwi14 0:01 xe_q001_XE oracle 10913 10913 0.0 1 5.8 1092364 119848 ? Ss kwi05 0:20 xe_w006_XE oracle 10917 10917 0.0 1 5.9 1092420 120656 ? Ss kwi05 0:23 xe_w007_XE root 11793 11793 0.0 1 0.1 38788 3548 ? Ss kwi11 0:03 /usr/sbin/winbindd --foreground --no-process-group root 11795 11795 0.0 1 0.0 38788 1952 ? S kwi11 0:01 winbindd: domain child [DOSCNIEWOLI] root 13757 13757 0.0 3 0.2 166940 4140 ? Sl kwi11 0:00 lightdm --session-child 12 21 root 13757 13758 0.0 3 0.2 166940 4140 ? Sl kwi11 0:00 lightdm --session-child 12 21 root 13757 13759 0.0 3 0.2 166940 4140 ? Sl kwi11 0:00 lightdm --session-child 12 21 fx 13772 13772 0.0 1 0.2 21280 5104 ? Ss kwi11 0:00 /lib/systemd/systemd --user fx 13773 13773 0.0 1 0.0 172192 172 ? S kwi11 0:00 (sd-pam) fx 13785 13785 0.0 4 0.1 240920 2460 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13786 0.0 4 0.1 240920 2460 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13787 0.0 4 0.1 240920 2460 ? Sl kwi11 0:02 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13836 0.0 4 0.1 240920 2460 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13788 13788 0.0 4 0.2 284448 5288 ? Ssl kwi11 0:12 x-session-manager fx 13788 13823 0.0 4 0.2 284448 5288 ? Ssl kwi11 0:00 x-session-manager fx 13788 13824 0.0 4 0.2 284448 5288 ? Ssl kwi11 0:00 x-session-manager fx 13788 13829 0.0 4 0.2 284448 5288 ? Ssl kwi11 0:00 x-session-manager fx 13796 13796 0.0 1 0.1 17312 2952 ? Ss kwi11 0:08 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only fx 13807 13807 0.0 1 0.0 0 0 ? Z kwi11 0:00 [xbrlapi] <defunct> fx 13816 13816 0.0 1 0.0 5852 40 ? Ss kwi11 0:05 /usr/bin/ssh-agent x-session-manager fx 13817 13817 0.0 4 0.1 312556 2540 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13818 0.0 4 0.1 312556 2540 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13819 0.0 4 0.1 312556 2540 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13821 0.0 4 0.1 312556 2540 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13822 13822 0.0 1 0.1 9940 3004 ? S kwi11 0:03 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 fx 13826 13826 0.0 3 0.1 174140 3296 ? Sl kwi11 0:10 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13826 13827 0.0 3 0.1 174140 3296 ? Sl kwi11 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13826 13828 0.0 3 0.1 174140 3296 ? Sl kwi11 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13831 13831 0.0 3 0.1 159340 2512 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13831 13832 0.0 3 0.1 159340 2512 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13831 13833 0.0 3 0.1 159340 2512 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13837 13837 0.0 5 0.3 1009688 8040 ? Sl kwi11 0:36 /usr/bin/mate-settings-daemon fx 13837 13838 0.0 5 0.3 1009688 8040 ? Sl kwi11 0:04 /usr/bin/mate-settings-daemon fx 13837 13839 0.0 5 0.3 1009688 8040 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13837 13840 0.0 5 0.3 1009688 8040 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13837 13852 0.0 5 0.3 1009688 8040 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13842 13842 0.0 4 0.6 705096 12272 ? Sl kwi11 2:30 marco fx 13842 13844 0.0 4 0.6 705096 12272 ? Sl kwi11 0:00 marco fx 13842 13845 0.0 4 0.6 705096 12272 ? Sl kwi11 0:00 marco fx 13842 13846 0.0 4 0.6 705096 12272 ? Sl kwi11 0:00 marco fx 13843 13843 0.0 3 0.1 240460 3160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13843 13847 0.0 3 0.1 240460 3160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13843 13848 0.0 3 0.1 240460 3160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13853 13853 0.0 4 0.7 560416 14984 ? Sl kwi11 0:37 mate-panel fx 13853 13854 0.0 4 0.7 560416 14984 ? Sl kwi11 0:04 mate-panel fx 13853 13855 0.0 4 0.7 560416 14984 ? Sl kwi11 0:00 mate-panel fx 13853 13856 0.0 4 0.7 560416 14984 ? Sl kwi11 0:00 mate-panel fx 13874 13874 0.0 4 0.8 736228 18256 ? Sl kwi11 0:38 caja fx 13874 13914 0.0 4 0.8 736228 18256 ? Sl kwi11 0:03 caja fx 13874 13915 0.0 4 0.8 736228 18256 ? Sl kwi11 0:00 caja fx 13874 13924 0.0 4 0.8 736228 18256 ? Sl kwi11 0:00 caja fx 13875 13875 0.0 3 0.2 280936 4252 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13875 13879 0.0 3 0.2 280936 4252 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13875 13880 0.0 3 0.2 280936 4252 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13882 13882 0.0 3 0.3 528228 7008 ? Sl kwi11 0:00 mate-volume-control-applet fx 13882 13887 0.0 3 0.3 528228 7008 ? Sl kwi11 0:00 mate-volume-control-applet fx 13882 13888 0.0 3 0.3 528228 7008 ? Sl kwi11 0:00 mate-volume-control-applet fx 13885 13885 0.0 4 0.3 368480 6540 ? Sl kwi11 0:00 nm-applet fx 13885 13902 0.0 4 0.3 368480 6540 ? Sl kwi11 0:00 nm-applet fx 13885 13903 0.0 4 0.3 368480 6540 ? Sl kwi11 0:00 nm-applet fx 13885 13923 0.0 4 0.3 368480 6540 ? Sl kwi11 0:00 nm-applet fx 13892 13892 0.0 4 0.4 365844 9088 ? Sl kwi11 0:45 mate-screensaver fx 13892 13899 0.0 4 0.4 365844 9088 ? Sl kwi11 0:03 mate-screensaver fx 13892 13900 0.0 4 0.4 365844 9088 ? Sl kwi11 0:00 mate-screensaver fx 13892 13901 0.0 4 0.4 365844 9088 ? Sl kwi11 0:00 mate-screensaver fx 13897 13897 0.0 4 0.3 357080 7164 ? Sl kwi11 0:05 mate-power-manager fx 13897 13926 0.0 4 0.3 357080 7164 ? Sl kwi11 0:00 mate-power-manager fx 13897 13927 0.0 4 0.3 357080 7164 ? Sl kwi11 0:00 mate-power-manager fx 13897 13933 0.0 4 0.3 357080 7164 ? Sl kwi11 0:00 mate-power-manager fx 13898 13898 0.0 3 0.1 311336 2240 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13898 13909 0.0 3 0.1 311336 2240 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13898 13912 0.0 3 0.1 311336 2240 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13908 13908 0.0 3 0.1 238384 2848 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13908 13920 0.0 3 0.1 238384 2848 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13908 13922 0.0 3 0.1 238384 2848 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13925 13925 0.0 4 0.1 319252 2204 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13928 0.0 4 0.1 319252 2204 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13929 0.0 4 0.1 319252 2204 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13931 0.0 4 0.1 319252 2204 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13932 13932 0.0 3 0.1 236580 2768 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 13932 13935 0.0 3 0.1 236580 2768 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 13932 13936 0.0 3 0.1 236580 2768 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor root 13934 13934 0.0 3 0.1 258632 3208 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd root 13934 13942 0.0 3 0.1 258632 3208 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd root 13934 13943 0.0 3 0.1 258632 3208 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd fx 13938 13938 0.0 3 0.1 240864 3312 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13938 13939 0.0 3 0.1 240864 3312 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13938 13941 0.0 3 0.1 240864 3312 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13946 13946 0.0 4 0.5 361164 11628 ? Sl kwi11 0:23 /usr/lib/mate-panel/wnck-applet fx 13946 13962 0.0 4 0.5 361164 11628 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13946 13964 0.0 4 0.5 361164 11628 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13946 13978 0.0 4 0.5 361164 11628 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13947 13947 0.0 3 0.1 388164 3292 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13947 13957 0.0 3 0.1 388164 3292 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13947 13958 0.0 3 0.1 388164 3292 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13950 13950 0.0 4 0.2 356364 5748 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13965 0.0 4 0.2 356364 5748 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13967 0.0 4 0.2 356364 5748 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13976 0.0 4 0.2 356364 5748 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13951 13951 0.0 4 0.4 405836 10092 ? Sl kwi11 0:11 /usr/lib/mate-panel/clock-applet fx 13951 13970 0.0 4 0.4 405836 10092 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet fx 13951 13972 0.0 4 0.4 405836 10092 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet fx 13951 13977 0.0 4 0.4 405836 10092 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet fx 14520 14520 0.0 3 0.1 237604 2500 ? Sl 09:00 0:00 /usr/lib/geoclue-2.0/demos/agent fx 14520 14524 0.0 3 0.1 237604 2500 ? Sl 09:00 0:00 /usr/lib/geoclue-2.0/demos/agent fx 14520 14529 0.0 3 0.1 237604 2500 ? Sl 09:00 0:00 /usr/lib/geoclue-2.0/demos/agent j 15935 15935 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:05 ./kswapd0 j 15935 15936 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:01 ./kswapd0 j 15935 15937 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:00 ./kswapd0 j 15935 15938 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:00 ./kswapd0 j 15935 15939 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:00 ./kswapd0 j 15935 15940 0.0 7 12.9 300428 264248 ? Ssl 00:59 0:00 ./kswapd0 j 15935 15952 24.7 7 12.9 300428 264248 ? Rsl 00:59 276:20 ./kswapd0 root 16224 16224 0.0 1 0.0 0 0 ? I 17:39 0:00 [kworker/u2:0-events_unbound] www-data 16408 16408 0.0 1 1.2 330376 26312 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16410 16410 0.0 1 1.2 330692 26424 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16411 16411 0.0 1 1.2 330716 26208 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16422 16422 0.0 1 1.2 330920 24976 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16423 16423 0.0 1 1.5 334648 31664 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16424 16424 0.0 1 1.6 336596 33536 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16425 16425 0.0 1 1.2 330476 26476 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16426 16426 0.0 1 1.4 330632 28616 ? S 17:50 0:00 /usr/sbin/apache2 -k start www-data 16427 16427 0.0 1 1.3 331072 27052 ? S 17:50 0:00 /usr/sbin/apache2 -k start j 17303 17303 0.0 1 0.0 5452 608 ? S 18:42 0:00 timeout 3h ./tsm -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17304 17304 0.0 1 0.1 6644 2504 ? S 18:42 0:00 /bin/bash ./tsm -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17308 0.0 516 6.3 4792196 129492 ? Sl 18:42 0:00 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17309 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17310 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17311 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17312 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:04 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17313 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip (...wyciąłem bardzo dużo podobnych linii...) j 17308 17821 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17822 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip j 17308 17823 0.1 516 6.3 4792196 129492 ? Sl 18:42 0:03 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip oracle 18064 18064 0.0 1 5.9 1065380 122140 ? Ss 19:00 0:02 xe_m006_XE oracle 18097 18097 0.0 1 4.2 1058180 87228 ? Ss 19:03 0:00 oracleXE (LOCAL=NO) oracle 18099 18099 0.0 1 6.5 1059420 134448 ? Ss 19:03 0:00 oracleXE (LOCAL=NO) oracle 18106 18106 0.0 1 6.5 1061480 134360 ? Ss 19:04 0:00 oracleXE (LOCAL=NO) root 18213 18213 0.0 1 0.0 0 0 ? I 19:09 0:00 [kworker/0:1-ata_sff] oracle 18222 18222 0.0 1 4.0 1058176 82236 ? Ss 19:09 0:00 oracleXE (LOCAL=NO) oracle 18243 18243 0.0 1 4.2 1065396 87768 ? Ss 19:11 0:01 xe_m002_XE oracle 18297 18297 0.0 1 4.0 1058176 82076 ? Ss 19:15 0:00 oracleXE (LOCAL=NO) oracle 18302 18302 0.0 1 6.2 1061552 128696 ? Ss 19:15 0:00 oracleXE (LOCAL=NO) oracle 18365 18365 0.0 1 4.0 1058176 81992 ? Ss 19:19 0:00 oracleXE (LOCAL=NO) oracle 18426 18426 0.0 1 4.0 1058176 82188 ? Ss 19:25 0:00 oracleXE (LOCAL=NO) oracle 18443 18443 0.1 1 5.7 1079836 118388 ? Ss 19:26 0:00 xe_m004_XE root 18487 18487 0.0 1 0.0 0 0 ? I 19:30 0:00 [kworker/0:2-ata_sff] root 18532 18532 0.0 1 0.0 0 0 ? I 19:35 0:00 [kworker/0:0-events_freezable_power_] oracle 18544 18544 0.2 1 4.9 1059424 100272 ? Ss 19:36 0:00 oracleXE (LOCAL=NO) oracle 18546 18546 0.1 1 3.1 1054452 65008 ? Ss 19:36 0:00 xe_m000_XE root 18548 18548 0.2 1 0.4 17208 8592 ? Ss 19:37 0:00 sshd: root@pts/0 root 18550 18550 0.0 1 0.3 15948 6716 ? Ss 19:37 0:00 sshd: [accepted] oracle 18552 18552 0.0 1 3.0 1054452 63068 ? Ss 19:37 0:00 xe_qm03_XE root 18557 18557 0.2 1 0.2 8148 4544 pts/0 Ss 19:37 0:00 -bash root 18559 18559 0.0 1 0.0 0 0 ? I 19:37 0:00 [kworker/u2:2] root 18562 18562 0.0 1 0.1 10828 3236 pts/0 R+ 19:37 0:00 ps aux -L fx 19606 19606 0.0 3 0.1 164988 2384 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata fx 19606 19607 0.0 3 0.1 164988 2384 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata fx 19606 19608 0.0 3 0.1 164988 2384 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata j 21572 21572 0.0 1 0.2 21152 5072 ? Ss kwi14 0:00 /lib/systemd/systemd --user j 21573 21573 0.0 1 0.0 172256 284 ? S kwi14 0:00 (sd-pam) j 21617 21617 0.0 1 0.1 9036 2692 ? Ss kwi14 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only fx 22190 22190 0.0 3 0.1 237604 2192 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22190 22197 0.0 3 0.1 237604 2192 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22190 22200 0.0 3 0.1 237604 2192 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22841 22841 0.0 4 0.1 240736 2484 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22842 0.0 4 0.1 240736 2484 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22843 0.0 4 0.1 240736 2484 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22844 0.0 4 0.1 240736 2484 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 23029 23029 0.0 3 0.1 311336 2220 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 23029 23031 0.0 3 0.1 311336 2220 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 23029 23033 0.0 3 0.1 311336 2220 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent j 23486 23486 0.0 1 0.0 14036 2000 ? S kwi14 0:11 rsync j 23575 23575 0.0 1 0.1 6644 2340 ? S kwi14 0:00 /bin/bash ./go fx 24275 24275 0.0 3 0.1 237604 2396 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 24275 24277 0.0 3 0.1 237604 2396 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 24275 24282 0.0 3 0.1 237604 2396 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26471 0.0 3 0.1 237604 2340 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26480 0.0 3 0.1 237604 2340 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26493 0.0 3 0.1 237604 2340 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26970 0.0 3 0.1 237604 2216 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26972 0.0 3 0.1 237604 2216 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26974 0.0 3 0.1 237604 2216 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27547 27547 0.0 3 0.3 202272 6432 ? Sl 09:15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27547 27548 0.0 3 0.3 202272 6432 ? Sl 09:15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27547 27550 0.0 3 0.3 202272 6432 ? Sl 09:15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27618 27618 0.0 3 0.1 311336 2500 ? Sl 09:16 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27618 27620 0.0 3 0.1 311336 2500 ? Sl 09:16 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27618 27628 0.0 3 0.1 311336 2500 ? Sl 09:16 0:00 /usr/lib/geoclue-2.0/demos/agent root 28353 28353 0.0 1 0.3 323388 8124 ? Ss kwi10 0:17 /usr/sbin/apache2 -k start fx 29565 29565 0.0 3 0.1 311336 2664 ? Sl 09:32 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29565 29569 0.0 3 0.1 311336 2664 ? Sl 09:32 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29565 29572 0.0 3 0.1 311336 2664 ? Sl 09:32 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29947 29947 0.0 2 0.1 1491212 3740 ? S<sl 09:32 0:00 /usr/bin/pulseaudio --daemonize=no fx 29947 29949 0.0 2 0.1 1491212 3740 ? Ssl 09:32 0:00 /usr/bin/pulseaudio --daemonize=no fx 30006 30006 1.3 1 1.2 176704 24668 ? S 09:34 8:00 Xtightvnc :1 -desktop X -auth /home/fx/.Xauthority -geometry 1852x1000 -depth 16 -rfbwait 120000 -rfbauth /home/fx/.vnc/passwd -rfbport 5901 -fp /usr/shar fx 30013 30013 0.0 4 0.3 287208 7684 ? Sl 09:34 0:02 mate-session fx 30013 30027 0.0 4 0.3 287208 7684 ? Sl 09:34 0:00 mate-session fx 30013 30031 0.0 4 0.3 287208 7684 ? Sl 09:34 0:00 mate-session fx 30013 30036 0.0 4 0.3 287208 7684 ? Sl 09:34 0:00 mate-session fx 30016 30016 0.0 1 0.0 11032 1308 ? S 09:34 0:00 dbus-launch --exit-with-session mate-session fx 30018 30018 0.0 1 0.1 9384 2444 ? Ss 09:34 0:00 /usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session fx 30020 30020 0.0 4 0.1 312556 3212 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30022 0.0 4 0.1 312556 3212 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30023 0.0 4 0.1 312556 3212 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30025 0.0 4 0.1 312556 3212 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30026 30026 0.0 1 0.1 9164 3228 ? S 09:34 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 fx 30029 30029 0.0 3 0.1 174008 3652 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30029 30034 0.0 3 0.1 174008 3652 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30029 30035 0.0 3 0.1 174008 3652 ? Sl 09:34 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30044 30044 0.0 3 0.1 159340 2648 ? Sl 09:34 0:00 /usr/lib/dconf/dconf-service fx 30044 30046 0.0 3 0.1 159340 2648 ? Sl 09:34 0:00 /usr/lib/dconf/dconf-service fx 30044 30047 0.0 3 0.1 159340 2648 ? Sl 09:34 0:00 /usr/lib/dconf/dconf-service fx 30058 30058 0.0 5 0.5 1048948 12072 ? Sl 09:34 0:04 /usr/bin/mate-settings-daemon fx 30058 30061 0.0 5 0.5 1048948 12072 ? Sl 09:34 0:00 /usr/bin/mate-settings-daemon fx 30058 30062 0.0 5 0.5 1048948 12072 ? Sl 09:34 0:00 /usr/bin/mate-settings-daemon fx 30058 30063 0.0 5 0.5 1048948 12072 ? Sl 09:34 0:00 /usr/bin/mate-settings-daemon fx 30058 30088 0.0 5 0.5 1048948 12072 ? Sl 09:34 0:00 /usr/bin/mate-settings-daemon fx 30071 30071 0.0 4 0.6 336156 13640 ? Sl 09:34 0:01 marco fx 30071 30074 0.0 4 0.6 336156 13640 ? Sl 09:34 0:00 marco fx 30071 30075 0.0 4 0.6 336156 13640 ? Sl 09:34 0:00 marco fx 30071 30076 0.0 4 0.6 336156 13640 ? Sl 09:34 0:00 marco fx 30073 30073 0.0 3 0.1 240464 3456 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfsd fx 30073 30077 0.0 3 0.1 240464 3456 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfsd fx 30073 30078 0.0 3 0.1 240464 3456 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfsd fx 30080 30080 0.0 4 0.6 554624 14260 ? Sl 09:34 0:02 mate-panel fx 30080 30083 0.0 4 0.6 554624 14260 ? Sl 09:34 0:00 mate-panel fx 30080 30084 0.0 4 0.6 554624 14260 ? Sl 09:34 0:00 mate-panel fx 30080 30085 0.0 4 0.6 554624 14260 ? Sl 09:34 0:00 mate-panel fx 30089 30089 0.0 4 1.0 762568 22352 ? Sl 09:34 0:06 caja fx 30089 30115 0.0 4 1.0 762568 22352 ? Sl 09:34 0:00 caja fx 30089 30116 0.0 4 1.0 762568 22352 ? Sl 09:34 0:00 caja fx 30089 30138 0.0 4 1.0 762568 22352 ? Sl 09:34 0:00 caja fx 30101 30101 0.0 3 0.7 677524 14320 ? Sl 09:34 0:00 mate-volume-control-applet fx 30101 30125 0.0 3 0.7 677524 14320 ? Sl 09:34 0:00 mate-volume-control-applet fx 30101 30127 0.0 3 0.7 677524 14320 ? Sl 09:34 0:00 mate-volume-control-applet fx 30102 30102 0.0 3 0.3 203800 6556 ? Sl 09:34 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30102 30123 0.0 3 0.3 203800 6556 ? Sl 09:34 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30102 30124 0.0 3 0.3 203800 6556 ? Sl 09:34 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30103 30103 0.0 4 0.5 370352 11672 ? Sl 09:34 0:00 nm-applet fx 30103 30130 0.0 4 0.5 370352 11672 ? Sl 09:34 0:00 nm-applet fx 30103 30131 0.0 4 0.5 370352 11672 ? Sl 09:34 0:00 nm-applet fx 30103 30142 0.0 4 0.5 370352 11672 ? Sl 09:34 0:00 nm-applet fx 30106 30106 0.0 4 0.3 288020 6428 ? Sl 09:34 0:00 mate-screensaver fx 30106 30139 0.0 4 0.3 288020 6428 ? Sl 09:34 0:00 mate-screensaver fx 30106 30140 0.0 4 0.3 288020 6428 ? Sl 09:34 0:00 mate-screensaver fx 30106 30141 0.0 4 0.3 288020 6428 ? Sl 09:34 0:00 mate-screensaver fx 30112 30112 0.0 3 0.1 237604 2552 ? Sl 09:34 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30112 30117 0.0 3 0.1 237604 2552 ? Sl 09:34 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30112 30119 0.0 3 0.1 237604 2552 ? Sl 09:34 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30147 30147 0.0 3 0.2 280808 4896 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30147 30149 0.0 3 0.2 280808 4896 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30147 30150 0.0 3 0.2 280808 4896 ? Sl 09:34 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30155 30155 0.0 3 0.1 238384 3172 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30155 30156 0.0 3 0.1 238384 3172 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30155 30158 0.0 3 0.1 238384 3172 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30160 30160 0.0 4 0.1 319252 2756 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30161 0.0 4 0.1 319252 2756 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30162 0.0 4 0.1 319252 2756 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30164 0.0 4 0.1 319252 2756 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30166 30166 0.0 3 0.1 236584 3064 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30166 30167 0.0 3 0.1 236584 3064 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30166 30168 0.0 3 0.1 236584 3064 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30171 30171 0.0 3 0.1 240864 3408 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30171 30172 0.0 3 0.1 240864 3408 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30171 30174 0.0 3 0.1 240864 3408 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30177 30177 0.0 4 0.7 406928 15308 ? Sl 09:35 0:01 /usr/lib/mate-panel/clock-applet fx 30177 30194 0.0 4 0.7 406928 15308 ? Sl 09:35 0:00 /usr/lib/mate-panel/clock-applet fx 30177 30196 0.0 4 0.7 406928 15308 ? Sl 09:35 0:00 /usr/lib/mate-panel/clock-applet fx 30177 30201 0.0 4 0.7 406928 15308 ? Sl 09:35 0:00 /usr/lib/mate-panel/clock-applet fx 30178 30178 0.0 4 0.6 362896 13044 ? Sl 09:35 0:03 /usr/lib/mate-panel/wnck-applet fx 30178 30190 0.0 4 0.6 362896 13044 ? Sl 09:35 0:00 /usr/lib/mate-panel/wnck-applet fx 30178 30192 0.0 4 0.6 362896 13044 ? Sl 09:35 0:00 /usr/lib/mate-panel/wnck-applet fx 30178 30205 0.0 4 0.6 362896 13044 ? Sl 09:35 0:00 /usr/lib/mate-panel/wnck-applet fx 30180 30180 0.0 4 0.3 357828 8032 ? Sl 09:35 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30185 0.0 4 0.3 357828 8032 ? Sl 09:35 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30189 0.0 4 0.3 357828 8032 ? Sl 09:35 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30202 0.0 4 0.3 357828 8032 ? Sl 09:35 0:00 /usr/lib/mate-panel/notification-area-applet fx 30181 30181 0.0 3 0.1 388160 3684 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30181 30182 0.0 3 0.1 388160 3684 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30181 30183 0.0 3 0.1 388160 3684 ? Sl 09:35 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30217 30217 0.0 1 0.2 40508 4436 ? S 09:35 0:00 xterm -class UXTerm -title uxterm -u8 fx 30226 30226 0.0 1 0.1 8740 3528 pts/4 Ss+ 09:35 0:00 bash fx 30462 30462 6.9 1 0.2 9168 4600 ? Ss 09:45 41:26 /usr/lib/wine/wineserver32 -p0 fx 30466 30466 0.0 5 0.0 2633908 1216 ? Ssl 09:45 0:00 C:\windows\system32\services.exe fx 30466 30467 0.0 5 0.0 2633908 1216 ? Ssl 09:45 0:00 C:\windows\system32\services.exe fx 30466 30495 0.0 5 0.0 2633908 1216 ? Ssl 09:46 0:00 C:\windows\system32\services.exe fx 30466 30498 0.0 5 0.0 2633908 1216 ? Ssl 09:46 0:00 C:\windows\system32\services.exe fx 30466 30965 0.0 5 0.0 2633908 1216 ? Ssl 09:49 0:00 C:\windows\system32\services.exe fx 30473 30473 0.0 2 0.0 2654520 1000 pts/4 Sl 09:45 0:00 C:\windows\system32\explorer.exe /desktop fx 30473 30474 0.0 2 0.0 2654520 1000 pts/4 Sl 09:45 0:03 C:\windows\system32\explorer.exe /desktop root 30483 30483 0.0 1 0.0 0 0 ? I 09:45 0:00 [kworker/u2:1-events_unbound] fx 30494 30494 0.0 4 0.0 2642052 1756 ? Sl 09:46 0:00 C:\windows\system32\winedevice.exe fx 30494 30496 0.0 4 0.0 2642052 1756 ? Sl 09:46 0:00 C:\windows\system32\winedevice.exe fx 30494 30497 0.0 4 0.0 2642052 1756 ? Sl 09:46 0:00 C:\windows\system32\winedevice.exe fx 30494 30499 0.0 4 0.0 2642052 1756 ? Sl 09:46 0:00 C:\windows\system32\winedevice.exe fx 30547 30547 0.0 3 0.1 164988 3068 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30547 30548 0.0 3 0.1 164988 3068 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30547 30549 0.0 3 0.1 164988 3068 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30582 30582 10.6 6 1.8 1417780 37900 ? Rsl 09:46 62:47 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 30959 0.0 6 1.8 1417780 37900 ? Ssl 09:49 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31008 0.0 6 1.8 1417780 37900 ? Ssl 09:49 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31009 0.0 6 1.8 1417780 37900 ? Ssl 09:49 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31010 0.0 6 1.8 1417780 37900 ? Ssl 09:49 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31057 2.2 6 1.8 1417780 37900 ? Ssl 09:50 13:24 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30587 30587 0.0 3 0.2 281908 4560 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30587 30589 0.0 3 0.2 281908 4560 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30587 30590 0.0 3 0.2 281908 4560 ? Sl 09:46 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30964 30964 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 30964 30966 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 30964 30967 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 30964 30968 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 30964 30969 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 30964 30970 0.0 6 0.0 2633764 1040 ? Sl 09:49 0:00 C:\windows\system32\rpcss.exe fx 31755 31755 0.9 3 5.6 1148060 115864 ? Sl 09:56 5:41 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable fx 31755 31759 0.0 3 5.6 1148060 115864 ? Sl 09:56 0:00 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable fx 31755 31764 0.0 3 5.6 1148060 115864 ? Sl 09:56 0:00 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable
Ostatnio edytowany przez Blackhole (2020-04-15 19:43:27)
Offline
#4 2020-04-15 23:12:01
Jacekalex - Podobno człowiek...;)
- Jacekalex
- Podobno człowiek...;)
- Skąd: /dev/random
- Zarejestrowany: 2008-01-07
Re: Mój VPS podobno atakuje
Co powiada rkhunter?
Co powiada pstree?
Co powiada chkrootkit?
Kto twierdzi, że VPS atakuje?
Jak jest ten VPS skonfigurowany, kto jego konfigurował?
Kiedy miał ostatnią aktualizację bezpieczeństwa?
Co na tym VPSie robi wine, mate i gnome?
Co to za proces:
Kod:
j 17308 17308 0.0 516 6.3 4792196 129492 ? Sl 18:42 0:00 /tmp/.X25-unix/.rsync/c/lib/64/tsm --library-path /tmp/.X25-unix/.rsync/c/lib/64/ /usr/sbin/httpd rsync/c/tsm64 -t 515 -f 1 -s 12 -S 10 -p 0 -d 1 p ip
?
Masz tam kilkadziesiąt podobnych.
Moim zdaniem
Kod:
/tmp/.X25-unix/
zawiera wynikową, roboczą wersję backdoora.
Gdzieś w systemie jest ukryta jego pierwotna wersja, która te śmieci generuje dynamicznie.
Ostatnio edytowany przez Jacekalex (2020-04-15 23:25:35)
W demokracji każdy naród ma taką władzę, na jaką zasługuje ;)
Si vis pacem para bellum ;) | Pozdrawiam :)
Offline
#5 2020-04-16 07:16:00
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Ja ten VPS konfiguruję.
Nie jestem tak biegły w Linux-ie, by Ci na te wszystkie pytania łatwo i szybko odpowiedzieć.
- wine mam do działania platformy MetaTrader4 (Forex)
- mate, by był jakiś prosty menadżer okien, w którym MT4 może działać
- gnome mogę wywalić zapewne
Jak pisałem, twierdzenie o atakowaniu przez VPS-a, wystosował jego dostawca, który przesłał mi logi otrzymane m.in. z atakowanych serwerów.
Jak się robi aktualizację bezpieczeństwa?
Nie wiem, co to za procesy, których tak dużo jest :(
Chyba muszę dodać do source.list źródła buster-backports, tak? (na razie ich nie ma).
Dzięki za odpowiedź i bardzo proszę o dalszą pomoc.
Ostatnio edytowany przez Blackhole (2020-04-16 08:08:52)
Offline
#6 2020-04-16 08:09:14
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Hmm... buster-backports raczej nic tu nie pomogą.
Moje source.list wygląda tak:
Kod:
# cat /etc/apt/sources.list deb http://deb.debian.org/debian stable main contrib non-free deb-src http://deb.debian.org/debian stable main contrib non-free deb http://deb.debian.org/debian stable-updates main contrib non-free deb-src http://deb.debian.org/debian stable-updates main contrib non-free deb http://deb.debian.org/debian/ buster-backports main contrib non-free deb-src http://deb.debian.org/debian buster-backports main contrib non-free deb http://deb.debian.org/debian-security stable/updates main contrib non-free deb-src http://deb.debian.org/debian-security stable/updates main contrib non-free
Ostatnio edytowany przez Blackhole (2020-04-16 08:13:23)
Offline
#7 2020-04-16 09:55:05
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Jacekalex napisał(-a):
Co powiada rkhunter?
Takie cos:
Kod:
# rkhunter --check
[ Rootkit Hunter version 1.4.6 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/sshd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide [ OK ]
/usr/sbin/unhide-linux [ OK ]
/usr/sbin/unhide-posix [ OK ]
/usr/sbin/unhide-tcp [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ OK ]
/usr/bin/dpkg-query [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/ipcs [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ OK ]
/usr/bin/pkill [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/ssh [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/telnet [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/numfmt [ OK ]
/usr/bin/gawk [ OK ]
/usr/bin/lwp-request [ Warning ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/x86_64-linux-gnu-size [ OK ]
/usr/bin/x86_64-linux-gnu-strings [ OK ]
/usr/bin/telnet.netkit [ OK ]
/usr/bin/w.procps [ OK ]
/usr/bin/mawk [ OK ]
/sbin/depmod [ OK ]
/sbin/fsck [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/route [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/bin/awk [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ping [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/kmod [ OK ]
/bin/systemd [ OK ]
/bin/systemctl [ OK ]
/bin/dash [ OK ]
/lib/systemd/systemd [ OK ]
[Press <ENTER> to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Diamorphine LKM [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Ebury backdoor [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
Fu Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Jynx Rootkit [ Not found ]
Jynx2 Rootkit [ Not found ]
KBeast Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mokes backdoor [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
[Press <ENTER> to continue]
Performing additional rootkit checks
Suckit Rootkit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for sniffer log files [ None found ]
Checking for suspicious directories [ None found ]
Checking for suspicious (large) shared memory segments [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press <ENTER> to continue]
Checking the network...
Performing checks on the network ports
Checking for backdoor ports [ None found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for an SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for other suspicious configuration settings [ None found ]
Checking for a running system logging daemon [ Found ]
Checking for a system logging configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
[Press <ENTER> to continue]
System checks summary
=====================
File properties checks...
Files checked: 151
Suspect files: 1
Rootkit checks...
Rootkits checked : 500
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 35 minutes and 18 seconds
All results have been written to the log file: /var/log/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)Offline
#8 2020-04-16 09:59:59
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Zmieniłem już:
PermitRootLogin w sshd_config z "yes" na "without-password".
Offline
#9 2020-04-16 11:27:30
mati75 - Psuj
- mati75
- Psuj
- Skąd: masz ten towar?
- Zarejestrowany: 2010-03-14
Re: Mój VPS podobno atakuje
Zablokuj całkowicie logowanie na ssh na roota. Loguj się ze zwykłego użytkownika.
Procesy użytkownika j wszystkie są podejrzane. To Twój użytkownik? Jeśli nie, to:
Kod:
killall -9 -u j
Blokujesz mu powłokę.
Kod:
usermod --shell /bin/false j
Następnie zobaczyłbym czy jakiś syf w cronie nie siedzi w /var/spool/cron/crontabs/
Potem usunął użytkownika, wywalił jego pliki, zrobił update system, skanowanie clamav i maldet. Ale i tak szybciej byłoby zaorać cały ten vps.
Offline
#10 2020-04-16 12:21:26
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
j to mój użytkownik.
Teraz już nie ma tych dziwnych procesów.
Kod:
# ps aux -L USER PID LWP %CPU NLWP %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 1 0.0 1 0.3 170860 7444 ? Ss kwi05 0:53 /sbin/init root 2 2 0.0 1 0.0 0 0 ? S kwi05 0:00 [kthreadd] root 3 3 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rcu_gp] root 4 4 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rcu_par_gp] root 6 6 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kworker/0:0H-kblockd] root 8 8 0.0 1 0.0 0 0 ? I< kwi05 0:00 [mm_percpu_wq] root 9 9 0.0 1 0.0 0 0 ? S kwi05 15:08 [ksoftirqd/0] root 10 10 0.1 1 0.0 0 0 ? I kwi05 19:00 [rcu_sched] root 11 11 0.0 1 0.0 0 0 ? I kwi05 0:00 [rcu_bh] root 12 12 0.0 1 0.0 0 0 ? S kwi05 0:02 [migration/0] root 14 14 0.0 1 0.0 0 0 ? S kwi05 0:00 [cpuhp/0] root 15 15 0.0 1 0.0 0 0 ? S kwi05 0:00 [kdevtmpfs] root 16 16 0.0 1 0.0 0 0 ? I< kwi05 0:00 [netns] root 17 17 0.0 1 0.0 0 0 ? S kwi05 0:00 [kauditd] root 18 18 0.0 1 0.0 0 0 ? S kwi05 0:00 [khungtaskd] root 19 19 0.0 1 0.0 0 0 ? S kwi05 0:00 [oom_reaper] root 20 20 0.0 1 0.0 0 0 ? I< kwi05 0:00 [writeback] root 21 21 0.0 1 0.0 0 0 ? S kwi05 0:00 [kcompactd0] root 22 22 0.0 1 0.0 0 0 ? SN kwi05 0:00 [ksmd] root 23 23 0.0 1 0.0 0 0 ? SN kwi05 2:26 [khugepaged] root 24 24 0.0 1 0.0 0 0 ? I< kwi05 0:00 [crypto] root 25 25 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kintegrityd] root 26 26 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kblockd] root 27 27 0.0 1 0.0 0 0 ? I< kwi05 0:00 [edac-poller] root 28 28 0.0 1 0.0 0 0 ? I< kwi05 0:00 [devfreq_wq] root 29 29 0.0 1 0.0 0 0 ? S kwi05 0:00 [watchdogd] root 30 30 0.0 1 0.0 0 0 ? S kwi05 3:10 [kswapd0] root 48 48 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kthrotld] root 49 49 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ipv6_addrconf] root 59 59 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kstrp] root 100 100 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ata_sff] root 101 101 0.0 1 0.0 0 0 ? S kwi05 1:33 [scsi_eh_0] root 102 102 0.0 1 0.0 0 0 ? I< kwi05 0:00 [scsi_tmf_0] root 103 103 0.0 1 0.0 0 0 ? S kwi05 0:00 [scsi_eh_1] root 104 104 0.0 1 0.0 0 0 ? I< kwi05 0:00 [scsi_tmf_1] root 106 106 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ttm_swap] root 107 107 0.0 1 0.0 0 0 ? I< kwi05 9:21 [kworker/0:1H-kblockd] root 148 148 0.0 1 0.0 0 0 ? I< kwi05 0:00 [kworker/u3:0] root 150 150 0.1 1 0.0 0 0 ? S kwi05 22:06 [jbd2/sda1-8] root 151 151 0.0 1 0.0 0 0 ? I< kwi05 0:00 [ext4-rsv-conver] root 185 185 0.0 1 0.4 46296 9668 ? Ss kwi05 6:36 /lib/systemd/systemd-journald root 206 206 0.0 1 0.0 0 0 ? I< kwi05 0:00 [rpciod] root 207 207 0.0 1 0.0 0 0 ? I< kwi05 0:00 [xprtiod] root 219 219 0.0 1 0.1 23628 2732 ? Ss kwi05 0:01 /lib/systemd/systemd-udevd systemd+ 228 228 0.0 2 0.2 95144 4480 ? Ssl kwi05 0:02 /lib/systemd/systemd-timesyncd systemd+ 228 232 0.0 2 0.2 95144 4480 ? Ssl kwi05 0:00 /lib/systemd/systemd-timesyncd _rpc 230 230 0.0 1 0.1 6896 2560 ? Ss kwi05 0:01 /sbin/rpcbind -f -w root 358 358 0.0 3 0.1 239128 3824 ? Ssl kwi05 0:01 /usr/lib/accountsservice/accounts-daemon root 358 386 0.0 3 0.1 239128 3824 ? Ssl kwi05 0:59 /usr/lib/accountsservice/accounts-daemon root 358 399 0.0 3 0.1 239128 3824 ? Ssl kwi05 0:00 /usr/lib/accountsservice/accounts-daemon root 360 360 0.0 4 0.1 226024 2996 ? Ssl kwi05 0:00 /usr/sbin/rsyslogd -n -iNONE root 360 390 0.0 4 0.1 226024 2996 ? Ssl kwi05 0:24 /usr/sbin/rsyslogd -n -iNONE root 360 391 0.0 4 0.1 226024 2996 ? Ssl kwi05 0:00 /usr/sbin/rsyslogd -n -iNONE root 360 392 0.0 4 0.1 226024 2996 ? Ssl kwi05 0:29 /usr/sbin/rsyslogd -n -iNONE root 368 368 0.0 1 0.1 8700 2236 ? Ss kwi05 0:03 /usr/sbin/cron -f root 369 369 0.0 5 0.2 398848 5356 ? Ssl kwi05 0:02 /usr/lib/udisks2/udisksd root 369 387 0.0 5 0.2 398848 5356 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 400 0.0 5 0.2 398848 5356 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 480 0.0 5 0.2 398848 5356 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 369 569 0.0 5 0.2 398848 5356 ? Ssl kwi05 0:00 /usr/lib/udisks2/udisksd root 370 370 0.0 1 0.2 19968 4888 ? Ss kwi05 0:03 /lib/systemd/systemd-logind rtkit 372 372 0.0 3 0.1 152844 2168 ? SNsl kwi05 0:00 /usr/lib/rtkit/rtkit-daemon rtkit 372 403 0.0 3 0.1 152844 2168 ? Ssl kwi05 0:04 /usr/lib/rtkit/rtkit-daemon rtkit 372 404 0.0 3 0.1 152844 2168 ? SNsl kwi05 0:02 /usr/lib/rtkit/rtkit-daemon root 376 376 0.0 1 0.0 2324 660 ? Ss kwi05 0:00 /usr/sbin/acpid root 377 377 0.0 3 0.1 318336 3504 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict root 377 395 0.0 3 0.1 318336 3504 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict root 377 401 0.0 3 0.1 318336 3504 ? Ssl kwi05 0:00 /usr/sbin/ModemManager --filter-policy=strict message+ 378 378 0.0 1 0.2 10648 4284 ? Ss kwi05 1:13 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only root 379 379 0.0 3 0.2 333384 5048 ? Ssl kwi05 0:01 /usr/sbin/NetworkManager --no-daemon root 379 422 0.0 3 0.2 333384 5048 ? Ssl kwi05 0:08 /usr/sbin/NetworkManager --no-daemon root 379 432 0.0 3 0.2 333384 5048 ? Ssl kwi05 0:01 /usr/sbin/NetworkManager --no-daemon root 380 380 0.0 1 0.1 19768 2440 ? Ss kwi05 0:02 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant daemon 398 398 0.0 1 0.0 5684 1796 ? Ss kwi05 0:00 /usr/sbin/atd -f root 415 415 0.0 3 0.3 237752 6164 ? Ssl kwi05 0:08 /usr/lib/policykit-1/polkitd --no-debug root 415 423 0.0 3 0.3 237752 6164 ? Ssl kwi05 0:00 /usr/lib/policykit-1/polkitd --no-debug root 415 425 0.0 3 0.3 237752 6164 ? Ssl kwi05 0:23 /usr/lib/policykit-1/polkitd --no-debug root 465 465 0.0 3 0.1 313436 3932 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 465 510 0.0 3 0.1 313436 3932 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 465 513 0.0 3 0.1 313436 3932 ? SLsl kwi05 0:00 /usr/sbin/lightdm root 518 518 0.0 2 1.5 341432 31096 tty7 Ssl+ kwi05 10:52 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch root 518 1023 0.0 2 1.5 341432 31096 tty7 Ssl+ kwi05 0:00 /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch mysql 561 561 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:01 /usr/sbin/mysqld mysql 561 607 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 616 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:01 /usr/sbin/mysqld mysql 561 655 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 656 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:19 /usr/sbin/mysqld mysql 561 657 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:21 /usr/sbin/mysqld mysql 561 658 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:22 /usr/sbin/mysqld mysql 561 659 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:21 /usr/sbin/mysqld mysql 561 660 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 661 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:20 /usr/sbin/mysqld mysql 561 662 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:22 /usr/sbin/mysqld mysql 561 663 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:21 /usr/sbin/mysqld mysql 561 664 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:18 /usr/sbin/mysqld mysql 561 665 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:38 /usr/sbin/mysqld mysql 561 667 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:16 /usr/sbin/mysqld mysql 561 668 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:23 /usr/sbin/mysqld mysql 561 669 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:04 /usr/sbin/mysqld mysql 561 670 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:03 /usr/sbin/mysqld mysql 561 671 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:05 /usr/sbin/mysqld mysql 561 672 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:34 /usr/sbin/mysqld mysql 561 673 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:06 /usr/sbin/mysqld mysql 561 674 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 675 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 676 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 677 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 678 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:19 /usr/sbin/mysqld mysql 561 679 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 680 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 681 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld mysql 561 682 0.0 30 1.3 1264784 28240 ? Ssl kwi05 0:00 /usr/sbin/mysqld root 567 567 0.0 1 0.1 9488 3380 ? S kwi05 0:00 /sbin/dhclient -d -q -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-2728ac63-3aab-42f8-a182-10e31cba4a root 594 594 0.0 1 0.0 5808 1244 tty1 Ss+ kwi05 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux uuidd 879 879 0.0 1 0.0 7700 536 ? Ss kwi11 0:00 /usr/sbin/uuidd --socket-activation Debian-+ 966 966 0.0 1 0.1 22220 2108 ? Ss kwi05 0:00 /usr/sbin/exim4 -bd -q30m root 1083 1083 0.0 1 0.2 21156 5220 ? Ss kwi05 0:00 /lib/systemd/systemd --user root 1084 1084 0.0 1 0.0 105188 112 ? S kwi05 0:00 (sd-pam) avahi 3801 3801 0.0 1 0.1 8476 2588 ? Ss kwi08 0:11 avahi-daemon: running [doscniewoli.local] avahi 3802 3802 0.0 1 0.0 8352 28 ? S kwi08 0:00 avahi-daemon: chroot helper j 5292 5292 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:02 ./kswapd0 j 5292 5293 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:01 ./kswapd0 j 5292 5294 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:00 ./kswapd0 j 5292 5295 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:00 ./kswapd0 j 5292 5296 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:00 ./kswapd0 j 5292 5297 0.0 7 12.9 300428 264332 ? Ssl 00:59 0:00 ./kswapd0 j 5292 5299 22.4 7 12.9 300428 264332 ? Rsl 00:59 153:47 ./kswapd0 oracle 8568 8568 0.0 1 3.3 1054976 67812 ? Ss 02:13 0:00 xe_q002_XE root 9419 9419 0.0 1 0.3 15948 7200 ? Ss 09:58 0:00 /usr/sbin/sshd -D root 9830 9830 0.0 1 0.0 0 0 ? I 10:23 0:00 [kworker/u2:2-events_unbound] root 10186 10186 0.0 1 0.4 20860 8648 pts/1 S+ 10:41 0:00 mc root 10188 10188 0.0 1 0.1 7188 3028 pts/0 Ss+ 10:41 0:00 bash -rcfile .bashrc oracle 10437 10437 0.0 2 0.4 197520 8924 ? Ssl kwi05 0:18 /opt/oracle/product/18c/dbhomeXE/bin/tnslsnr LISTENER -inherit oracle 10437 10438 0.0 2 0.4 197520 8924 ? Ssl kwi05 0:11 /opt/oracle/product/18c/dbhomeXE/bin/tnslsnr LISTENER -inherit oracle 10483 10483 0.0 1 2.9 1054712 60868 ? Ss kwi05 0:54 xe_pmon_XE oracle 10485 10485 0.0 1 2.8 1054712 57456 ? Ss kwi05 0:17 xe_clmn_XE oracle 10487 10487 0.0 1 2.7 1054712 56768 ? Ss kwi05 3:02 xe_psp0_XE oracle 10489 10489 0.0 1 2.7 1054712 56756 ? Ss kwi05 4:05 xe_vktm_XE oracle 10493 10493 0.0 1 4.4 1074188 90008 ? Ss kwi05 0:49 xe_gen0_XE oracle 10495 10495 0.0 1 4.7 1054712 96952 ? Ss kwi05 0:22 xe_mman_XE oracle 10499 10499 0.0 2 3.5 1175716 72080 ? Ssl kwi05 0:06 xe_gen1_XE oracle 10499 10500 0.0 2 3.5 1175716 72080 ? Ssl kwi05 3:32 xe_gen1_XE root 10501 10501 0.0 1 0.4 17064 8308 ? Ss 11:07 0:00 sshd: j [priv] oracle 10502 10502 0.0 1 2.7 1054712 56700 ? Ss kwi05 0:32 xe_diag_XE oracle 10504 10504 0.0 2 2.7 1175720 56608 ? Ssl kwi05 0:06 xe_ofsd_XE oracle 10504 10505 0.0 2 2.7 1175720 56608 ? Ssl kwi05 0:06 xe_ofsd_XE oracle 10507 10507 0.0 1 4.7 1072192 96684 ? Ss kwi05 6:55 xe_dbrm_XE oracle 10509 10509 0.3 1 2.8 1054712 58860 ? Ss kwi05 51:48 xe_vkrm_XE oracle 10511 10511 0.0 1 2.7 1055224 56336 ? Ss kwi05 0:35 xe_svcb_XE oracle 10513 10513 0.0 1 2.7 1054712 56996 ? Ss kwi05 1:20 xe_pman_XE oracle 10515 10515 0.0 1 3.4 1057912 71460 ? Ss kwi05 5:57 xe_dia0_XE j 10516 10516 0.0 1 0.2 17064 5508 ? S 11:07 0:00 sshd: j@pts/2 oracle 10517 10517 0.0 1 6.5 1076676 133312 ? Ss kwi05 3:18 xe_dbw0_XE j 10518 10518 0.0 1 0.2 8092 4364 pts/2 Ss 11:07 0:00 -bash oracle 10519 10519 0.0 1 3.0 1069708 63044 ? Ss kwi05 1:33 xe_lgwr_XE oracle 10521 10521 0.0 1 3.6 1069708 74828 ? Ss kwi05 4:41 xe_ckpt_XE oracle 10523 10523 0.0 1 6.4 1074256 130888 ? Ss kwi05 0:36 xe_smon_XE oracle 10525 10525 0.0 1 3.0 1069708 62140 ? Ss kwi05 0:49 xe_smco_XE oracle 10527 10527 0.0 1 4.7 1074196 96828 ? Ss kwi05 0:14 xe_reco_XE root 10528 10528 0.0 1 0.1 10040 3536 pts/2 S 11:07 0:00 su oracle 10529 10529 0.0 1 6.2 1092384 127216 ? Ss kwi05 0:22 xe_w000_XE oracle 10531 10531 0.0 1 3.4 1063320 70972 ? Ss kwi05 0:43 xe_lreg_XE oracle 10533 10533 0.0 1 6.2 1092388 126992 ? Ss kwi05 0:24 xe_w001_XE root 10534 10534 0.0 1 0.1 7188 3456 pts/2 S 11:07 0:00 bash oracle 10535 10535 0.0 1 2.7 1069184 57168 ? Ss kwi05 0:14 xe_pxmn_XE oracle 10539 10539 0.0 1 7.3 1080596 151204 ? Ss kwi05 8:35 xe_mmon_XE oracle 10541 10541 0.0 1 4.4 1055552 91360 ? Ss kwi05 0:22 xe_mmnl_XE oracle 10543 10543 0.0 1 2.5 1059352 52804 ? Ss kwi05 0:15 xe_d000_XE oracle 10545 10545 0.0 1 2.5 1056552 52412 ? Ss kwi05 0:12 xe_s000_XE oracle 10547 10547 0.0 1 2.7 1054712 57124 ? Ss kwi05 0:10 xe_tmon_XE oracle 10558 10558 0.0 1 2.8 1092104 58788 ? Ss kwi05 0:14 xe_tt00_XE oracle 10560 10560 0.0 1 2.8 1054452 57732 ? Ss kwi05 0:08 xe_tt01_XE oracle 10562 10562 0.0 1 2.8 1054452 57588 ? Ss kwi05 0:40 xe_tt02_XE oracle 10565 10565 0.0 1 5.3 1084176 109736 ? Ss kwi05 0:20 xe_w002_XE oracle 10567 10567 0.0 1 5.3 1100644 110220 ? Ss kwi05 0:24 xe_w003_XE oracle 10569 10569 0.0 1 4.4 1080356 91672 ? Ss kwi05 0:26 xe_aqpc_XE oracle 10571 10571 0.0 1 6.1 1100620 125680 ? Ss kwi05 0:24 xe_w004_XE oracle 10577 10577 0.0 1 2.5 1054452 52716 ? Ss kwi05 0:29 xe_p000_XE oracle 10579 10579 0.0 1 3.1 1057320 63612 ? Ss kwi05 0:10 xe_qm02_XE oracle 10585 10585 0.0 1 3.9 1060084 81360 ? Ss kwi05 0:09 xe_q003_XE root 10706 10706 0.0 1 1.8 323160 36804 ? Ss 11:12 0:00 /usr/sbin/apache2 -k start www-data 10707 10707 0.0 1 2.3 333136 48204 ? S 11:12 0:00 /usr/sbin/apache2 -k start oracle 10791 10791 0.1 1 9.5 1117356 196056 ? Ss kwi05 25:43 xe_cjq0_XE oracle 10793 10793 0.0 1 6.0 1084196 123452 ? Ss kwi05 0:28 xe_w005_XE oracle 10913 10913 0.0 1 5.9 1092388 122160 ? Ss kwi05 0:21 xe_w006_XE oracle 10917 10917 0.0 1 6.2 1092420 127136 ? Ss kwi05 0:24 xe_w007_XE www-data 10980 10980 0.0 1 2.3 333196 48356 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10981 10981 0.0 1 2.2 333120 45260 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10982 10982 0.0 1 2.2 332188 46160 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10983 10983 0.0 1 2.3 332952 48760 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10985 10985 0.0 1 2.1 333252 44792 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10987 10987 0.0 1 2.1 333148 43752 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10989 10989 0.0 1 2.4 333076 49356 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 10994 10994 0.0 1 2.2 333320 46388 ? S 11:28 0:00 /usr/sbin/apache2 -k start www-data 11069 11069 0.0 1 2.5 338540 52888 ? S 11:32 0:01 /usr/sbin/apache2 -k start j 11125 11125 0.0 1 0.3 14040 6756 ? S 11:33 0:00 rsync oracle 11197 11197 0.0 1 4.0 1058172 82252 ? Ss 11:38 0:00 oracleXE (LOCAL=NO) j 11311 11311 0.0 1 0.3 14064 6800 ? S 11:44 0:00 rsync oracle 11432 11432 0.0 1 4.0 1058180 82280 ? Ss 11:51 0:00 oracleXE (LOCAL=NO) oracle 11438 11438 0.0 1 4.2 1065376 87400 ? Ss 11:52 0:01 xe_m004_XE oracle 11442 11442 0.0 1 4.0 1058172 82320 ? Ss 11:52 0:00 oracleXE (LOCAL=NO) root 11793 11793 0.0 1 0.1 38788 3464 ? Ss kwi11 0:04 /usr/sbin/winbindd --foreground --no-process-group root 11795 11795 0.0 1 0.0 38788 1324 ? S kwi11 0:01 winbindd: domain child [DOSCNIEWOLI] oracle 13275 13275 0.0 1 5.6 1065216 116140 ? Ss 12:05 0:00 xe_m002_XE root 13757 13757 0.0 3 0.2 166940 4152 ? Sl kwi11 0:00 lightdm --session-child 12 21 root 13757 13758 0.0 3 0.2 166940 4152 ? Sl kwi11 0:00 lightdm --session-child 12 21 root 13757 13759 0.0 3 0.2 166940 4152 ? Sl kwi11 0:00 lightdm --session-child 12 21 fx 13772 13772 0.0 1 0.2 21280 5100 ? Ss kwi11 0:00 /lib/systemd/systemd --user fx 13773 13773 0.0 1 0.0 172192 172 ? S kwi11 0:00 (sd-pam) fx 13785 13785 0.0 4 0.1 240920 2420 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13786 0.0 4 0.1 240920 2420 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13787 0.0 4 0.1 240920 2420 ? Sl kwi11 0:02 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13785 13836 0.0 4 0.1 240920 2420 ? Sl kwi11 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login fx 13788 13788 0.0 4 0.5 284780 10436 ? Ssl kwi11 0:14 x-session-manager fx 13788 13823 0.0 4 0.5 284780 10436 ? Ssl kwi11 0:00 x-session-manager fx 13788 13824 0.0 4 0.5 284780 10436 ? Ssl kwi11 0:00 x-session-manager fx 13788 13829 0.0 4 0.5 284780 10436 ? Ssl kwi11 0:00 x-session-manager fx 13796 13796 0.0 1 0.2 17312 4924 ? Ss kwi11 0:08 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only fx 13807 13807 0.0 1 0.0 0 0 ? Z kwi11 0:00 [xbrlapi] <defunct> fx 13816 13816 0.0 1 0.0 5852 40 ? Ss kwi11 0:05 /usr/bin/ssh-agent x-session-manager fx 13817 13817 0.0 4 0.1 312556 2444 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13818 0.0 4 0.1 312556 2444 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13819 0.0 4 0.1 312556 2444 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13817 13821 0.0 4 0.1 312556 2444 ? Ssl kwi11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 13822 13822 0.0 1 0.1 9940 2988 ? S kwi11 0:03 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 fx 13826 13826 0.0 3 0.1 174140 3236 ? Sl kwi11 0:11 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13826 13827 0.0 3 0.1 174140 3236 ? Sl kwi11 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13826 13828 0.0 3 0.1 174140 3236 ? Sl kwi11 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 13831 13831 0.0 3 0.1 159340 2444 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13831 13832 0.0 3 0.1 159340 2444 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13831 13833 0.0 3 0.1 159340 2444 ? Sl kwi11 0:00 /usr/lib/dconf/dconf-service fx 13837 13837 0.0 5 0.7 1009688 14872 ? Sl kwi11 0:41 /usr/bin/mate-settings-daemon fx 13837 13838 0.0 5 0.7 1009688 14872 ? Sl kwi11 0:04 /usr/bin/mate-settings-daemon fx 13837 13839 0.0 5 0.7 1009688 14872 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13837 13840 0.0 5 0.7 1009688 14872 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13837 13852 0.0 5 0.7 1009688 14872 ? Sl kwi11 0:00 /usr/bin/mate-settings-daemon fx 13842 13842 0.0 4 0.7 705128 14312 ? Sl kwi11 2:55 marco fx 13842 13844 0.0 4 0.7 705128 14312 ? Sl kwi11 0:00 marco fx 13842 13845 0.0 4 0.7 705128 14312 ? Sl kwi11 0:00 marco fx 13842 13846 0.0 4 0.7 705128 14312 ? Sl kwi11 0:00 marco fx 13843 13843 0.0 3 0.1 240460 3576 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13843 13847 0.0 3 0.1 240460 3576 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13843 13848 0.0 3 0.1 240460 3576 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd fx 13853 13853 0.0 4 1.1 561768 23856 ? Sl kwi11 0:39 mate-panel fx 13853 13854 0.0 4 1.1 561768 23856 ? Sl kwi11 0:04 mate-panel fx 13853 13855 0.0 4 1.1 561768 23856 ? Sl kwi11 0:00 mate-panel fx 13853 13856 0.0 4 1.1 561768 23856 ? Sl kwi11 0:00 mate-panel fx 13874 13874 0.0 4 1.1 736512 23968 ? Sl kwi11 0:41 caja fx 13874 13914 0.0 4 1.1 736512 23968 ? Sl kwi11 0:04 caja fx 13874 13915 0.0 4 1.1 736512 23968 ? Sl kwi11 0:00 caja fx 13874 13924 0.0 4 1.1 736512 23968 ? Sl kwi11 0:00 caja fx 13875 13875 0.0 3 0.2 280936 4160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13875 13879 0.0 3 0.2 280936 4160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13875 13880 0.0 3 0.2 280936 4160 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 13882 13882 0.0 3 0.6 528260 12404 ? Sl kwi11 0:00 mate-volume-control-applet fx 13882 13887 0.0 3 0.6 528260 12404 ? Sl kwi11 0:00 mate-volume-control-applet fx 13882 13888 0.0 3 0.6 528260 12404 ? Sl kwi11 0:00 mate-volume-control-applet fx 13885 13885 0.0 4 0.6 368512 12596 ? Sl kwi11 0:00 nm-applet fx 13885 13902 0.0 4 0.6 368512 12596 ? Sl kwi11 0:00 nm-applet fx 13885 13903 0.0 4 0.6 368512 12596 ? Sl kwi11 0:00 nm-applet fx 13885 13923 0.0 4 0.6 368512 12596 ? Sl kwi11 0:00 nm-applet fx 13892 13892 0.0 4 0.7 366176 15800 ? Sl kwi11 0:51 mate-screensaver fx 13892 13899 0.0 4 0.7 366176 15800 ? Sl kwi11 0:03 mate-screensaver fx 13892 13900 0.0 4 0.7 366176 15800 ? Sl kwi11 0:00 mate-screensaver fx 13892 13901 0.0 4 0.7 366176 15800 ? Sl kwi11 0:00 mate-screensaver fx 13897 13897 0.0 4 0.5 357112 10912 ? Sl kwi11 0:06 mate-power-manager fx 13897 13926 0.0 4 0.5 357112 10912 ? Sl kwi11 0:00 mate-power-manager fx 13897 13927 0.0 4 0.5 357112 10912 ? Sl kwi11 0:00 mate-power-manager fx 13897 13933 0.0 4 0.5 357112 10912 ? Sl kwi11 0:00 mate-power-manager fx 13898 13898 0.0 3 0.1 311336 2236 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13898 13909 0.0 3 0.1 311336 2236 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13898 13912 0.0 3 0.1 311336 2236 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 13908 13908 0.0 3 0.1 238384 2816 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13908 13920 0.0 3 0.1 238384 2816 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13908 13922 0.0 3 0.1 238384 2816 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 13925 13925 0.0 4 0.1 319252 2180 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13928 0.0 4 0.1 319252 2180 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13929 0.0 4 0.1 319252 2180 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13925 13931 0.0 4 0.1 319252 2180 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 13932 13932 0.0 3 0.1 236580 2736 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 13932 13935 0.0 3 0.1 236580 2736 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 13932 13936 0.0 3 0.1 236580 2736 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor root 13934 13934 0.0 3 0.1 258632 3508 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd root 13934 13942 0.0 3 0.1 258632 3508 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd root 13934 13943 0.0 3 0.1 258632 3508 ? Ssl kwi11 0:00 /usr/lib/upower/upowerd fx 13938 13938 0.0 3 0.1 240864 3280 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13938 13939 0.0 3 0.1 240864 3280 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13938 13941 0.0 3 0.1 240864 3280 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 13946 13946 0.0 4 0.7 361164 15032 ? Sl kwi11 0:26 /usr/lib/mate-panel/wnck-applet fx 13946 13962 0.0 4 0.7 361164 15032 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13946 13964 0.0 4 0.7 361164 15032 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13946 13978 0.0 4 0.7 361164 15032 ? Sl kwi11 0:00 /usr/lib/mate-panel/wnck-applet fx 13947 13947 0.0 3 0.1 388164 3248 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13947 13957 0.0 3 0.1 388164 3248 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13947 13958 0.0 3 0.1 388164 3248 ? Sl kwi11 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.21 /org/gtk/gvfs/exec_spaw/0 fx 13950 13950 0.0 4 0.5 356696 10248 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13965 0.0 4 0.5 356696 10248 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13967 0.0 4 0.5 356696 10248 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13950 13976 0.0 4 0.5 356696 10248 ? Sl kwi11 0:00 /usr/lib/mate-panel/notification-area-applet fx 13951 13951 0.0 4 0.7 406412 15536 ? Sl kwi11 0:13 /usr/lib/mate-panel/clock-applet fx 13951 13970 0.0 4 0.7 406412 15536 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet fx 13951 13972 0.0 4 0.7 406412 15536 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet fx 13951 13977 0.0 4 0.7 406412 15536 ? Sl kwi11 0:00 /usr/lib/mate-panel/clock-applet oracle 14369 14369 0.0 1 4.0 1065380 83272 ? Ss 12:10 0:00 xe_m006_XE root 14434 14434 0.0 1 0.0 0 0 ? I 12:11 0:00 [kworker/0:0-mm_percpu_wq] fx 14520 14520 0.0 3 0.1 237604 2372 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 14520 14524 0.0 3 0.1 237604 2372 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 14520 14529 0.0 3 0.1 237604 2372 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent root 14859 14859 0.0 1 0.0 0 0 ? I 12:13 0:00 [kworker/u2:0-events_unbound] root 15380 15380 0.0 1 0.0 0 0 ? I 12:16 0:00 [kworker/0:1-ata_sff] root 15809 15809 0.0 1 0.0 0 0 ? I 12:18 0:00 [kworker/u2:1-events_unbound] oracle 16337 16337 0.1 1 3.0 1054452 62948 ? Ss 12:21 0:00 xe_m000_XE root 16384 16384 0.0 1 0.0 0 0 ? I 12:21 0:00 [kworker/0:2-ata_sff] oracle 16398 16398 0.0 1 3.0 1054452 62924 ? Ss 12:22 0:00 xe_qm03_XE root 16401 16401 0.0 1 0.1 10828 3188 pts/2 R+ 12:22 0:00 ps aux -L root 18389 18389 0.0 1 0.3 17092 7628 ? Ss 08:00 0:00 sshd: root@pts/1 root 18400 18400 0.0 1 0.1 8736 3988 pts/1 Ss 08:00 0:00 -bash fx 19606 19606 0.0 3 0.1 164988 2272 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata fx 19606 19607 0.0 3 0.1 164988 2272 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata fx 19606 19608 0.0 3 0.1 164988 2272 ? Ssl kwi11 0:00 /usr/lib/gvfs/gvfsd-metadata j 21572 21572 0.0 1 0.2 21152 5068 ? Ss kwi14 0:00 /lib/systemd/systemd --user j 21573 21573 0.0 1 0.0 172256 280 ? S kwi14 0:00 (sd-pam) j 21617 21617 0.0 1 0.1 9036 2652 ? Ss kwi14 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only fx 22190 22190 0.0 3 0.1 237604 2180 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22190 22197 0.0 3 0.1 237604 2180 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22190 22200 0.0 3 0.1 237604 2180 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 22841 22841 0.0 4 0.1 240736 2464 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22842 0.0 4 0.1 240736 2464 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22843 0.0 4 0.1 240736 2464 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 22841 22844 0.0 4 0.1 240736 2464 ? Sl kwi11 0:00 gnome-keyring-daemon --start fx 23029 23029 0.0 3 0.1 311336 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 23029 23031 0.0 3 0.1 311336 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 23029 23033 0.0 3 0.1 311336 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent j 23486 23486 0.0 1 0.1 14036 3272 ? S kwi14 0:16 rsync fx 24275 24275 0.0 3 0.1 237604 2348 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 24275 24277 0.0 3 0.1 237604 2348 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 24275 24282 0.0 3 0.1 237604 2348 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26471 0.0 3 0.1 237604 2328 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26480 0.0 3 0.1 237604 2328 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26471 26493 0.0 3 0.1 237604 2328 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26970 0.0 3 0.1 237604 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26972 0.0 3 0.1 237604 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 26970 26974 0.0 3 0.1 237604 2204 ? Sl kwi11 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27547 27547 0.0 3 0.8 206532 17032 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27547 27548 0.0 3 0.8 206532 17032 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27547 27550 0.0 3 0.8 206532 17032 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 27618 27618 0.0 3 0.1 311336 2384 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27618 27620 0.0 3 0.1 311336 2384 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 27618 27628 0.0 3 0.1 311336 2384 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29565 29565 0.0 3 0.1 311336 2516 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29565 29569 0.0 3 0.1 311336 2516 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29565 29572 0.0 3 0.1 311336 2516 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 29947 29947 0.0 2 0.2 1491300 4856 ? S<sl kwi15 0:00 /usr/bin/pulseaudio --daemonize=no fx 29947 29949 0.0 2 0.2 1491300 4856 ? Ssl kwi15 0:00 /usr/bin/pulseaudio --daemonize=no fx 30006 30006 0.8 1 0.6 176696 14048 ? S kwi15 13:07 Xtightvnc :1 -desktop X -auth /home/fx/.Xauthority -geometry 1852x1000 -depth 16 -rfbwait 120000 -rfbauth /home/fx/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/ fx 30013 30013 0.0 4 0.5 287540 11108 ? Sl kwi15 0:04 mate-session fx 30013 30027 0.0 4 0.5 287540 11108 ? Sl kwi15 0:00 mate-session fx 30013 30031 0.0 4 0.5 287540 11108 ? Sl kwi15 0:00 mate-session fx 30013 30036 0.0 4 0.5 287540 11108 ? Sl kwi15 0:00 mate-session fx 30016 30016 0.0 1 0.0 11032 1276 ? S kwi15 0:00 dbus-launch --exit-with-session mate-session fx 30018 30018 0.0 1 0.1 9384 2544 ? Ss kwi15 0:00 /usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session fx 30020 30020 0.0 4 0.1 312556 2988 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30022 0.0 4 0.1 312556 2988 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30023 0.0 4 0.1 312556 2988 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30020 30025 0.0 4 0.1 312556 2988 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher fx 30026 30026 0.0 1 0.1 9164 3172 ? S kwi15 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 fx 30029 30029 0.0 3 0.1 174008 3292 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30029 30034 0.0 3 0.1 174008 3292 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30029 30035 0.0 3 0.1 174008 3292 ? Sl kwi15 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session fx 30044 30044 0.0 3 0.1 159340 2548 ? Sl kwi15 0:00 /usr/lib/dconf/dconf-service fx 30044 30046 0.0 3 0.1 159340 2548 ? Sl kwi15 0:00 /usr/lib/dconf/dconf-service fx 30044 30047 0.0 3 0.1 159340 2548 ? Sl kwi15 0:00 /usr/lib/dconf/dconf-service fx 30058 30058 0.0 5 0.7 1048980 15140 ? Sl kwi15 0:06 /usr/bin/mate-settings-daemon fx 30058 30061 0.0 5 0.7 1048980 15140 ? Sl kwi15 0:00 /usr/bin/mate-settings-daemon fx 30058 30062 0.0 5 0.7 1048980 15140 ? Sl kwi15 0:00 /usr/bin/mate-settings-daemon fx 30058 30063 0.0 5 0.7 1048980 15140 ? Sl kwi15 0:00 /usr/bin/mate-settings-daemon fx 30058 30088 0.0 5 0.7 1048980 15140 ? Sl kwi15 0:00 /usr/bin/mate-settings-daemon fx 30071 30071 0.0 4 0.6 336188 13676 ? Sl kwi15 0:01 marco fx 30071 30074 0.0 4 0.6 336188 13676 ? Sl kwi15 0:00 marco fx 30071 30075 0.0 4 0.6 336188 13676 ? Sl kwi15 0:00 marco fx 30071 30076 0.0 4 0.6 336188 13676 ? Sl kwi15 0:00 marco fx 30073 30073 0.0 3 0.1 240464 3644 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd fx 30073 30077 0.0 3 0.1 240464 3644 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd fx 30073 30078 0.0 3 0.1 240464 3644 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd fx 30080 30080 0.0 4 0.8 555976 16448 ? Sl kwi15 0:03 mate-panel fx 30080 30083 0.0 4 0.8 555976 16448 ? Sl kwi15 0:01 mate-panel fx 30080 30084 0.0 4 0.8 555976 16448 ? Sl kwi15 0:00 mate-panel fx 30080 30085 0.0 4 0.8 555976 16448 ? Sl kwi15 0:00 mate-panel fx 30089 30089 0.0 4 0.7 762600 16220 ? Sl kwi15 0:06 caja fx 30089 30115 0.0 4 0.7 762600 16220 ? Sl kwi15 0:00 caja fx 30089 30116 0.0 4 0.7 762600 16220 ? Sl kwi15 0:00 caja fx 30089 30138 0.0 4 0.7 762600 16220 ? Sl kwi15 0:00 caja fx 30101 30101 0.0 3 0.6 677556 13112 ? Sl kwi15 0:00 mate-volume-control-applet fx 30101 30125 0.0 3 0.6 677556 13112 ? Sl kwi15 0:00 mate-volume-control-applet fx 30101 30127 0.0 3 0.6 677556 13112 ? Sl kwi15 0:00 mate-volume-control-applet fx 30102 30102 0.0 3 0.8 208008 17004 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30102 30123 0.0 3 0.8 208008 17004 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30102 30124 0.0 3 0.8 208008 17004 ? Sl kwi15 0:00 /usr/lib/x86_64-linux-gnu/polkit-mate/polkit-mate-authentication-agent-1 fx 30103 30103 0.0 4 0.6 370384 13400 ? Sl kwi15 0:00 nm-applet fx 30103 30130 0.0 4 0.6 370384 13400 ? Sl kwi15 0:00 nm-applet fx 30103 30131 0.0 4 0.6 370384 13400 ? Sl kwi15 0:00 nm-applet fx 30103 30142 0.0 4 0.6 370384 13400 ? Sl kwi15 0:00 nm-applet fx 30106 30106 0.0 4 0.5 288488 10548 ? Sl kwi15 0:00 mate-screensaver fx 30106 30139 0.0 4 0.5 288488 10548 ? Sl kwi15 0:00 mate-screensaver fx 30106 30140 0.0 4 0.5 288488 10548 ? Sl kwi15 0:00 mate-screensaver fx 30106 30141 0.0 4 0.5 288488 10548 ? Sl kwi15 0:00 mate-screensaver fx 30112 30112 0.0 3 0.1 237604 2392 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30112 30117 0.0 3 0.1 237604 2392 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30112 30119 0.0 3 0.1 237604 2392 ? Sl kwi15 0:00 /usr/lib/geoclue-2.0/demos/agent fx 30147 30147 0.0 3 0.2 280808 4336 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30147 30149 0.0 3 0.2 280808 4336 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30147 30150 0.0 3 0.2 280808 4336 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor fx 30155 30155 0.0 3 0.1 238384 2976 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30155 30156 0.0 3 0.1 238384 2976 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30155 30158 0.0 3 0.1 238384 2976 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor fx 30160 30160 0.0 4 0.1 319252 2364 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30161 0.0 4 0.1 319252 2364 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30162 0.0 4 0.1 319252 2364 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30160 30164 0.0 4 0.1 319252 2364 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor fx 30166 30166 0.0 3 0.1 236584 2860 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30166 30167 0.0 3 0.1 236584 2860 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30166 30168 0.0 3 0.1 236584 2860 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor fx 30171 30171 0.0 3 0.1 240864 3192 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30171 30172 0.0 3 0.1 240864 3192 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30171 30174 0.0 3 0.1 240864 3192 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor fx 30177 30177 0.0 4 0.7 406960 14912 ? Sl kwi15 0:03 /usr/lib/mate-panel/clock-applet fx 30177 30194 0.0 4 0.7 406960 14912 ? Sl kwi15 0:00 /usr/lib/mate-panel/clock-applet fx 30177 30196 0.0 4 0.7 406960 14912 ? Sl kwi15 0:00 /usr/lib/mate-panel/clock-applet fx 30177 30201 0.0 4 0.7 406960 14912 ? Sl kwi15 0:00 /usr/lib/mate-panel/clock-applet fx 30178 30178 0.0 4 0.7 362928 14552 ? Sl kwi15 0:03 /usr/lib/mate-panel/wnck-applet fx 30178 30190 0.0 4 0.7 362928 14552 ? Sl kwi15 0:00 /usr/lib/mate-panel/wnck-applet fx 30178 30192 0.0 4 0.7 362928 14552 ? Sl kwi15 0:00 /usr/lib/mate-panel/wnck-applet fx 30178 30205 0.0 4 0.7 362928 14552 ? Sl kwi15 0:00 /usr/lib/mate-panel/wnck-applet fx 30180 30180 0.0 4 0.5 358160 10656 ? Sl kwi15 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30185 0.0 4 0.5 358160 10656 ? Sl kwi15 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30189 0.0 4 0.5 358160 10656 ? Sl kwi15 0:00 /usr/lib/mate-panel/notification-area-applet fx 30180 30202 0.0 4 0.5 358160 10656 ? Sl kwi15 0:00 /usr/lib/mate-panel/notification-area-applet fx 30181 30181 0.0 3 0.1 388160 3388 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30181 30182 0.0 3 0.1 388160 3388 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30181 30183 0.0 3 0.1 388160 3388 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.11 /org/gtk/gvfs/exec_spaw/0 fx 30217 30217 0.0 1 0.1 40508 3712 ? S kwi15 0:03 xterm -class UXTerm -title uxterm -u8 fx 30226 30226 0.0 1 0.1 8740 2264 pts/4 Ss+ kwi15 0:00 bash fx 30462 30462 6.6 1 0.1 9168 3124 ? Ss kwi15 105:37 /usr/lib/wine/wineserver32 -p0 fx 30466 30466 0.0 5 0.0 2633908 892 ? Ssl kwi15 0:00 C:\windows\system32\services.exe fx 30466 30467 0.0 5 0.0 2633908 892 ? Ssl kwi15 0:00 C:\windows\system32\services.exe fx 30466 30495 0.0 5 0.0 2633908 892 ? Ssl kwi15 0:00 C:\windows\system32\services.exe fx 30466 30498 0.0 5 0.0 2633908 892 ? Ssl kwi15 0:00 C:\windows\system32\services.exe fx 30466 30965 0.0 5 0.0 2633908 892 ? Ssl kwi15 0:00 C:\windows\system32\services.exe fx 30473 30473 0.0 2 0.0 2654520 452 pts/4 Sl kwi15 0:00 C:\windows\system32\explorer.exe /desktop fx 30473 30474 0.0 2 0.0 2654520 452 pts/4 Sl kwi15 0:08 C:\windows\system32\explorer.exe /desktop fx 30494 30494 0.0 4 0.0 2642052 1856 ? Sl kwi15 0:00 C:\windows\system32\winedevice.exe fx 30494 30496 0.0 4 0.0 2642052 1856 ? Sl kwi15 0:00 C:\windows\system32\winedevice.exe fx 30494 30497 0.0 4 0.0 2642052 1856 ? Sl kwi15 0:00 C:\windows\system32\winedevice.exe fx 30494 30499 0.0 4 0.0 2642052 1856 ? Sl kwi15 0:00 C:\windows\system32\winedevice.exe fx 30547 30547 0.0 3 0.1 164988 2904 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30547 30548 0.0 3 0.1 164988 2904 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30547 30549 0.0 3 0.1 164988 2904 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-metadata fx 30582 30582 9.7 7 1.3 1417772 27008 ? Rsl kwi15 156:19 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 30959 0.0 7 1.3 1417772 27008 ? Ssl kwi15 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31008 0.0 7 1.3 1417772 27008 ? Ssl kwi15 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31009 0.0 7 1.3 1417772 27008 ? Ssl kwi15 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31010 0.0 7 1.3 1417772 27008 ? Ssl kwi15 0:00 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 31057 1.9 7 1.3 1417772 27008 ? Ssl kwi15 31:13 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30582 18851 1.5 7 1.3 1417772 27008 ? Ssl kwi15 15:34 C:\Program Files\Admiral Markets MT4\terminal.exe fx 30587 30587 0.0 3 0.2 281908 4176 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30587 30589 0.0 3 0.2 281908 4176 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30587 30590 0.0 3 0.2 281908 4176 ? Sl kwi15 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.11 /org/gtk/gvfs/exec_spaw/1 fx 30964 30964 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 30964 30966 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 30964 30967 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 30964 30968 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 30964 30969 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 30964 30970 0.0 6 0.0 2633764 912 ? Sl kwi15 0:00 C:\windows\system32\rpcss.exe fx 31755 31755 0.9 3 0.5 1148060 11240 ? Sl kwi15 15:10 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable fx 31755 31759 0.0 3 0.5 1148060 11240 ? Sl kwi15 0:00 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable fx 31755 31764 0.0 3 0.5 1148060 11240 ? Sl kwi15 0:00 C:\Program Files\Admiral Markets MT4\metaeditor.exe /portable
W cronie użytkownika j było (co usunąłem):
Kod:
* */23 * * * /home/j/.configrc/a/upd>/dev/null 2>&1 @reboot /home/j/.configrc/a/upd>/dev/null 2>&1 5 8 * * 0 /home/j/.configrc/b/sync>/dev/null 2>&1 @reboot /home/j/.configrc/b/sync>/dev/null 2>&1 0 0 */3 * * /tmp/.X25-unix/.rsync/c/aptitude>/dev/null 2>&1
Ostatnio edytowany przez Blackhole (2020-04-16 12:25:55)
Offline
#11 2020-04-16 13:34:16
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Te wpisy w cron znów się pojawiły. Nie wiem, co je dodało.
Offline
#12 2020-04-16 13:39:59
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
I znów mam tak dużo tych dziwnych procesów (związanych z rsync) na użytkowniku j :-(
Gdy je wszystkie zabiję, to wracają po mniej niż 30 sekundach.
Ostatnio edytowany przez Blackhole (2020-04-16 13:45:42)
Offline
#13 2020-04-16 14:07:31
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Zainstalowałem chkrootkit:
Kod:
# aptitude Performing actions... Prekonfiguracja pakietów ... Wybieranie wcześniej niewybranego pakietu chkrootkit. (Odczytywanie bazy danych ... 205142 pliki i katalogi obecnie zainstalowane.) Przygotowywanie do rozpakowania pakietu .../chkrootkit_0.52-3+b10_amd64.deb ... Rozpakowywanie pakietu chkrootkit (0.52-3+b10) ... Konfigurowanie pakietu chkrootkit (0.52-3+b10) ... Przetwarzanie wyzwalaczy pakietu man-db (2.8.5-2)... Press Return to continue, 'q' followed by Return to quit. q
lecz po instalacji nie ma takiego polecenia:
Kod:
# apropos chkrootkit chkrootkit (1) - Determine whether the system is infected with a rootkit # chkrootkit bash: chkrootkit: nie znaleziono polecenia #
Nie rozumiem, o co chodzi.
Offline
#14 2020-04-16 14:14:40
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
mati75 napisał(-a):
Zablokuj całkowicie logowanie na ssh na roota. Loguj się ze zwykłego użytkownika.
(...)
Następnie zobaczyłbym czy jakiś syf w cronie nie siedzi w /var/spool/cron/crontabs/
Zablokowałem całkowicie logowanie na root przez ssh.
W pliku /var/spool/cron/crontabs/j są tylko 3 linie komentarza.
Offline
#15 2020-04-16 17:30:28
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Jacekalex napisał(-a):
Co powiada pstree?
Takie coś:
Kod:
# pstree
systemd─┬─ModemManager───2*[{ModemManager}]
├─NetworkManager─┬─dhclient
│ └─2*[{NetworkManager}]
├─Xtightvnc
├─accounts-daemon───2*[{accounts-daemon}]
├─acpid
├─8*[agent───2*[{agent}]]
├─agetty
├─apache2───10*[apache2]
├─at-spi-bus-laun─┬─dbus-daemon
│ └─3*[{at-spi-bus-laun}]
├─at-spi2-registr───2*[{at-spi2-registr}]
├─atd
├─avahi-daemon───avahi-daemon
├─clock-applet───3*[{clock-applet}]
├─cron
├─2*[dbus-daemon]
├─dbus-launch
├─dconf-service───2*[{dconf-service}]
├─exim4
├─explorer.exe───{explorer.exe}
├─2*[gnome-keyring-d───3*[{gnome-keyring-d}]]
├─go───timeout───tsm───tsm───515*[{tsm}]
├─gvfs-afc-volume───3*[{gvfs-afc-volume}]
├─gvfs-goa-volume───2*[{gvfs-goa-volume}]
├─gvfs-gphoto2-vo───2*[{gvfs-gphoto2-vo}]
├─gvfs-mtp-volume───2*[{gvfs-mtp-volume}]
├─gvfs-udisks2-vo───2*[{gvfs-udisks2-vo}]
├─gvfsd─┬─gvfsd-http───2*[{gvfsd-http}]
│ ├─gvfsd-trash───2*[{gvfsd-trash}]
│ └─2*[{gvfsd}]
├─gvfsd-metadata───2*[{gvfsd-metadata}]
├─kswapd0───6*[{kswapd0}]
├─lightdm─┬─Xorg───{Xorg}
│ ├─lightdm─┬─x-session-manag─┬─agent───2*[{agent}]
│ │ │ ├─caja───3*[{caja}]
│ │ │ ├─marco───3*[{marco}]
│ │ │ ├─mate-panel───3*[{mate-panel}]
│ │ │ ├─mate-power-mana───3*[{mate-power-mana}]
│ │ │ ├─mate-screensave───3*[{mate-screensave}]
│ │ │ ├─mate-settings-d───4*[{mate-settings-d}]
│ │ │ ├─mate-volume-con───2*[{mate-volume-con}]
│ │ │ ├─nm-applet───3*[{nm-applet}]
│ │ │ ├─polkit-mate-aut───2*[{polkit-mate-aut}]
│ │ │ ├─ssh-agent
│ │ │ ├─xbrlapi
│ │ │ └─3*[{x-session-manag}]
│ │ └─2*[{lightdm}]
│ └─2*[{lightdm}]
├─mate-session─┬─agent───2*[{agent}]
│ ├─caja───3*[{caja}]
│ ├─marco───3*[{marco}]
│ ├─mate-panel─┬─xterm───bash
│ │ └─3*[{mate-panel}]
│ ├─mate-screensave───3*[{mate-screensave}]
│ ├─mate-settings-d───4*[{mate-settings-d}]
│ ├─mate-volume-con───2*[{mate-volume-con}]
│ ├─nm-applet───3*[{nm-applet}]
│ ├─polkit-mate-aut───2*[{polkit-mate-aut}]
│ └─3*[{mate-session}]
├─metaeditor.exe───2*[{metaeditor.exe}]
├─mysqld───29*[{mysqld}]
├─notification-ar───3*[{notification-ar}]
├─ora_aqpc_xe
├─ora_cjq0_xe
├─ora_ckpt_xe
├─ora_clmn_xe
├─ora_d000_xe
├─ora_dbrm_xe
├─ora_dbw0_xe
├─ora_dia0_xe
├─ora_diag_xe
├─ora_gen0_xe
├─ora_lgwr_xe
├─ora_lreg_xe
├─ora_m000_xe
├─ora_m002_xe
├─ora_m003_xe
├─ora_m005_xe
├─ora_mman_xe
├─ora_mmnl_xe
├─ora_mmon_xe
├─ora_mz01_xe
├─ora_p000_xe
├─ora_pman_xe
├─ora_pmon_xe
├─ora_psp0_xe
├─ora_pxmn_xe
├─ora_q002_xe
├─ora_q003_xe
├─ora_qm02_xe
├─ora_qm03_xe
├─ora_reco_xe
├─ora_s000_xe
├─2*[ora_scmn_xe───{ora_scmn_xe}]
├─ora_smco_xe
├─ora_smon_xe
├─ora_svcb_xe
├─ora_tmon_xe
├─ora_tt00_xe
├─ora_tt01_xe
├─ora_tt02_xe
├─ora_vkrm_xe
├─ora_vktm_xe
├─ora_w000_xe
├─ora_w001_xe
├─ora_w002_xe
├─ora_w003_xe
├─ora_w004_xe
├─ora_w005_xe
├─ora_w006_xe
├─ora_w007_xe
├─oracle_11442_xe
├─oracle_9307_xe
├─polkitd───2*[{polkitd}]
├─rpcbind
├─rpcss.exe───5*[{rpcss.exe}]
├─rsyslogd───3*[{rsyslogd}]
├─rtkit-daemon───2*[{rtkit-daemon}]
├─services.exe───4*[{services.exe}]
├─sshd─┬─sshd───sshd───bash───su───bash───pstree
│ └─2*[sshd]
├─systemd───(sd-pam)
├─systemd─┬─(sd-pam)
│ ├─at-spi-bus-laun─┬─dbus-daemon
│ │ └─3*[{at-spi-bus-laun}]
│ ├─at-spi2-registr───2*[{at-spi2-registr}]
│ ├─clock-applet───3*[{clock-applet}]
│ ├─dbus-daemon
│ ├─dconf-service───2*[{dconf-service}]
│ ├─gvfs-afc-volume───3*[{gvfs-afc-volume}]
│ ├─gvfs-goa-volume───2*[{gvfs-goa-volume}]
│ ├─gvfs-gphoto2-vo───2*[{gvfs-gphoto2-vo}]
│ ├─gvfs-mtp-volume───2*[{gvfs-mtp-volume}]
│ ├─gvfs-udisks2-vo───2*[{gvfs-udisks2-vo}]
│ ├─gvfsd─┬─gvfsd-trash───2*[{gvfsd-trash}]
│ │ └─2*[{gvfsd}]
│ ├─gvfsd-metadata───2*[{gvfsd-metadata}]
│ ├─notification-ar───3*[{notification-ar}]
│ ├─pulseaudio───{pulseaudio}
│ └─wnck-applet───3*[{wnck-applet}]
├─systemd─┬─(sd-pam)
│ └─dbus-daemon
├─systemd-journal
├─systemd-logind
├─systemd-timesyn───{systemd-timesyn}
├─systemd-udevd
├─terminal.exe───6*[{terminal.exe}]
├─tnslsnr───{tnslsnr}
├─udisksd───4*[{udisksd}]
├─upowerd───2*[{upowerd}]
├─uuidd
├─winbindd───winbindd
├─winedevice.exe───3*[{winedevice.exe}]
├─wineserver32
├─wnck-applet───3*[{wnck-applet}]
└─wpa_supplicantTo są te dziwne procesy:
Kod:
─go───timeout───tsm───tsm───515*[{tsm}]Ostatnio edytowany przez Blackhole (2020-04-16 17:31:40)
Offline
#16 2020-04-17 10:29:52
morfik - Cenzor wirtualnego świata
#17 2020-04-17 12:01:18
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Usunąłem użytkownika j:
Kod:
# userdel -rf j
Po jego usunięciu te dziwne procesy nie mają na początku linii "j" lecz "1001" (to chyba id użytkownika). Zabiłem je wszystkie, ale po chwili znów się pojawiły :-(
Offline
#18 2020-04-17 12:05:29
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Usunąłem katalog /tmp/.X25-unix i chyba przestały się pojawiać (te dziwne procesy).
Offline
#19 2020-04-18 20:43:51
hi - Zbanowany
- hi
- Zbanowany
- Zarejestrowany: 2016-03-24
Re: Mój VPS podobno atakuje
a ten /tmp to chociaż montujesz sensownie?
Kod:
nosuid,noexec,nodev
używasz libpam-tmpdir ?
Obowiązkowo trzaśnij sobie audyt lynisem
btw.
https://wiki.debian.org/Hardening
Ostatnio edytowany przez hi (2020-04-18 20:48:57)
"Są drogi, którymi nie należy podążać, armie, których nie należy atakować, fortece, których nie należy oblegać, terytoria, o które nie należy walczyć, zarządzenia, których nie należy wykonywać" Sun Tzu
Offline
#20 2020-04-20 14:54:06
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
hi napisał(-a):
a ten /tmp to chociaż montujesz sensownie?
Kod:
nosuid,noexec,nodev
Nie mam katalogu /tmp montowanego oddzielnie:
Kod:
# mount | grep "tmp" udev on /dev type devtmpfs (rw,nosuid,relatime,size=1001876k,nr_inodes=250469,mode=755) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=204336k,mode=755) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) tmpfs on /run/user/117 type tmpfs (rw,nosuid,nodev,relatime,size=204332k,mode=700,uid=117,gid=123) tmpfs on /run/user/1003 type tmpfs (rw,nosuid,nodev,relatime,size=204332k,mode=700,uid=1003,gid=1003) shmfs on /dev/shm type tmpfs (rw,relatime,size=8388608k)
Offline
#21 2020-05-03 17:40:52
Blackhole - Użytkownik
Re: Mój VPS podobno atakuje
Myślałem, że sobie poradziłem, bo przez kilka dni był spokój. Mam zablokowane logowanie poprzez hasło.
Niestety dziś o 17:30 znów coś wskoczyło. Podmieniło mi zawartość ~/.ssh/authorized_keys i zmieniło wpisy cron-a :(
Czy można jakoś dowiedzieć się, jaki proces zmienił wpisy cron?
Offline
#22 2020-05-03 18:38:54
morfik - Cenzor wirtualnego świata
Re: Mój VPS podobno atakuje
To raczej jest bawienie się w kocia i mysię ale możesz audit zarzucić. Tu masz przykład[1]:
[1]: https://www.cyberciti.biz/tips/linux-audit-files-to … o-a-file.html
Ostatnio edytowany przez morfik (2020-05-03 18:50:55)
Offline
#23 2020-05-03 19:10:47
BiExi - matka przelozona
#24 2020-05-03 19:45:19
Jacekalex - Podobno człowiek...;)
- Jacekalex
- Podobno człowiek...;)
- Skąd: /dev/random
- Zarejestrowany: 2008-01-07
Re: Mój VPS podobno atakuje
morfik napisał(-a):
To raczej jest bawienie się w kocia i mysię ale możesz audit zarzucić. Tu masz przykład[1]:
[1]: https://www.cyberciti.biz/tips/linux-audit-files-to … o-a-file.html
Auditd?
to raczej do zabawy z SELinuxem się nada.
W obecnej sytuacji chkrootkit, rkhunter i troszkę oleju w głowie w zupełności wystarczą, podobnie jak clamav,
Użycie:
z roota:
Kod:
chkrootkit -q
Kod:
rkhunter -q -c
całą robotę zapisze w /var/log/rkhunter.log.
Kod:
freshclam; clamscan -r -i /
Ostatnio edytowany przez Jacekalex (2020-05-03 20:06:12)
W demokracji każdy naród ma taką władzę, na jaką zasługuje ;)
Si vis pacem para bellum ;) | Pozdrawiam :)
Offline
#25 2020-05-03 20:01:08
morfik - Cenzor wirtualnego świata
Re: Mój VPS podobno atakuje
Jacekalex napisał(-a):
Auditd?
to raczej do zabawy z SELinuxem się nada.
Czemu? Jesteś w stanie przy pomocy audit uzyskać sporo info jaki proces z danego pliku chce korzystać, więc można zapuścić i czekać aż jakiś proces z danym plikiem będzie chciał wejść w interakcję i można go namierzyć.
Ja przy pomocy audit łapię appki korzystające z neta — to bardzo przydatne przy filtrowaniu OUTPUT. xD
Ostatnio edytowany przez morfik (2020-05-03 20:02:50)
Offline