[SAC] High load "geotools" job on osgeo6: cryptonight at work
Jürgen E. Fischer
jef at norbit.de
Wed May 9 23:57:04 PDT 2018
On Tue, 08. May 2018 at 23:54:14 +0200, Markus Neteler wrote:
> It comes from an "invisible" (!) directory:
> root at osgeo6:/var/tmp# ls -la /var/tmp/
> total 198116
> drwxr-xr-x 2 geotools users 32 Mar 22 14:56 <<----!!
On Wed, 09. May 2018 at 21:20:07 +0200, Markus Neteler wrote:
> for now I put te job to "sleep" using
> kill -SIGSTOP 23401
> Like that the traces are still there while it cannot continue to mine coins.
> I suggest to
> - force password reset of all logins on osgeo6
I'd also expect that is was brought in via the (geotools) website and didn't
have access to anything else. So we probably don't need a password reset.
I'd try: members users | xargs -n1 passwd -e
> - check who was on the machine
> May 8 2018, 23:07 server time to install the thing
You mean Mar 22:
$ ps -p 23401 -o pid,lstart,comm,cmd
PID STARTED COMMAND CMD
23401 Thu Mar 22 22:56:33 2018 j [ksoftirqd]
Which predates most if not all relevant logs we still have, right? Bacula also
keeps backups only for 1 months AFAICS.
> - eventually get rid of it
Jürgen E. Fischer norBIT GmbH Tel. +49-4931-918175-31
Dipl.-Inf. (FH) Rheinstraße 13 Fax. +49-4931-918175-50
Software Engineer D-26506 Norden http://www.norbit.de
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 827 bytes
Desc: not available
More information about the Sac