It looks like my CentOS 4.2 box is attacking other people with some type of ftp attack. I got an email from somebody saying they were being attacked by my IP address. Further investigation /var/log/messages shows a whole bunch of sshd attacks on me, none of which appear successful. I'm running ethereal right now and I can see that my system is doing some kind of ftp attacks on others. I've think I've stopped the outgoing attacks at my firewall, but how do I proceed from here? Thanks, James
On Sun, 2006-02-05 at 02:51 -0500, James Pifer wrote:> It looks like my CentOS 4.2 box is attacking other people with some type > of ftp attack. I got an email from somebody saying they were being > attacked by my IP address. > > Further investigation /var/log/messages shows a whole bunch of sshd > attacks on me, none of which appear successful. I'm running ethereal > right now and I can see that my system is doing some kind of ftp attacks > on others. > > I've think I've stopped the outgoing attacks at my firewall, but how do > I proceed from here?The first thing to do is run "ps auxfwwww" and look for anything that looks out of place. Feel free to post it here if you need help. -- Ignacio Vazquez-Abrams <ivazquez at ivazquez.net> http://centos.ivazquez.net/ gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060205/68e07a72/attachment-0002.sig>
> The first thing to do is run "ps auxfwwww" and look for anything that > looks out of place. Feel free to post it here if you need help. >The only thing that looks out of place to me is the section of things being done by my hotmail account. I do have a hotmail account that I forward mail to using gotmail. Other than that I don't see anything obvious. Thanks, James ps auxfwwww USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 2992 484 ? S 2005 0:13 init [5] root 2 0.0 0.0 0 0 ? S 2005 0:01 [migration/0] root 3 0.0 0.0 0 0 ? SN 2005 0:02 [ksoftirqd/0] root 4 0.0 0.0 0 0 ? S 2005 0:01 [migration/1] root 5 0.0 0.0 0 0 ? SN 2005 0:16 [ksoftirqd/1] root 6 0.0 0.0 0 0 ? S 2005 0:02 [migration/2] root 7 0.0 0.0 0 0 ? SN 2005 0:01 [ksoftirqd/2] root 8 0.0 0.0 0 0 ? S 2005 0:08 [migration/3] root 9 0.0 0.0 0 0 ? SN 2005 0:14 [ksoftirqd/3] root 10 0.0 0.0 0 0 ? S< 2005 0:00 [events/0] root 14 0.0 0.0 0 0 ? S< 2005 0:00 \_ [khelper] root 15 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kacpid] root 39 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kblockd/0] root 40 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kblockd/1] root 41 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kblockd/2] root 42 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kblockd/3] root 55 0.0 0.0 0 0 ? S< 2005 0:00 \_ [aio/0] root 56 0.0 0.0 0 0 ? S< 2005 0:00 \_ [aio/1] root 57 0.0 0.0 0 0 ? S< 2005 0:00 \_ [aio/2] root 58 0.0 0.0 0 0 ? S< 2005 0:00 \_ [aio/3] root 219 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kmirrord] root 220 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kmir_mon] root 1699 0.0 0.0 0 0 ? S< 2005 0:00 \_ [kauditd] root 13003 0.0 0.0 0 0 ? S Feb03 0:03 \_ [pdflush] root 11 0.0 0.0 0 0 ? S< 2005 0:00 [events/1] root 12 0.0 0.0 0 0 ? S< 2005 0:00 [events/2] root 13005 0.0 0.0 0 0 ? S Feb03 0:03 \_ [pdflush] root 13 0.0 0.0 0 0 ? S< 2005 0:00 [events/3] root 43 0.0 0.0 0 0 ? S 2005 0:00 [khubd] root 54 0.0 0.0 0 0 ? S 2005 1:41 [kswapd0] root 131 0.0 0.0 0 0 ? S 2005 0:00 [kseriod] root 199 0.0 0.0 0 0 ? S 2005 0:00 [scsi_eh_0] root 205 0.0 0.0 0 0 ? S 2005 0:00 [scsi_eh_1] root 228 0.0 0.0 0 0 ? S 2005 3:41 [kjournald] root 1293 0.0 0.0 0 0 ? S 2005 0:00 [shpchpd_event] root 1518 0.0 0.0 0 0 ? S 2005 0:00 [scsi_eh_2] root 1519 0.0 0.0 0 0 ? S 2005 0:48 [usb- storage] root 1747 0.0 0.0 0 0 ? S 2005 0:00 [kjournald] root 2151 0.0 0.1 2244 572 ? Ss 2005 0:50 syslogd - m 0 root 2155 0.0 0.0 2560 456 ? Ss 2005 0:00 klogd -x root 2166 0.0 0.0 3452 452 ? Ss 2005 0:05 irqbalance rpc 2177 0.0 0.0 2568 476 ? Ss 2005 0:00 portmap rpcuser 2197 0.0 0.1 2220 572 ? Ss 2005 0:00 rpc.statd root 2230 0.0 0.1 4044 844 ? Ss 2005 0:00 rpc.idmapd root 2316 0.0 0.0 3276 420 ? Ss 2005 0:00 /usr/sbin/acpid root 2326 0.0 0.1 4200 904 ? Ss 2005 0:41 /usr/sbin/dovecot root 2336 0.0 0.2 6728 1124 ? S 2005 0:48 \_ dovecot-auth dovecot 25840 0.0 0.2 3516 1432 ? S 02:50 0:00 \_ pop3- login dovecot 25922 0.0 0.2 4444 1428 ? S 02:56 0:00 \_ pop3- login dovecot 25972 0.0 0.2 3548 1428 ? S 03:00 0:00 \_ pop3- login root 2392 0.0 0.2 5244 1232 ? Ss 2005 0:16 /usr/sbin/sshd root 15763 0.0 0.3 8020 1676 ? Ss Feb03 0:00 \_ sshd: hotmail [priv] hotmail 15765 0.0 0.3 8184 1724 ? S Feb03 0:03 | \_ sshd: hotmail at pts/7 hotmail 15766 0.0 0.2 5604 1168 pts/7 Ss Feb03 0:00 | \_ -sh hotmail 6441 0.0 0.1 5160 656 pts/7 S+ Feb04 0:00 | \_ screen hotmail 6442 0.0 0.1 5348 720 ? Ss Feb04 0:00 | \_ SCREEN hotmail 6443 0.0 0.2 5472 1084 pts/3 Ss+ Feb04 0:00 | \_ /bin/sh hotmail 6445 0.0 0.1 4428 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 63.200.0.0/16 hotmail 6446 0.1 0.0 308976 484 pts/3 Sl Feb04 1:25 | | \_ ./f -h 63.200.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6477 0.0 0.1 5572 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 63.109.0.0/16 hotmail 6478 0.0 0.0 308972 456 pts/3 Sl Feb04 0:15 | | \_ ./f -h 63.109.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6509 0.0 0.1 5836 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 213.74.0.0/16 hotmail 6510 0.0 0.0 298732 480 pts/3 Sl Feb04 0:47 | | \_ ./f -h 213.74.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6541 0.0 0.1 6004 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 211.23.0.0/16 hotmail 6542 0.0 0.1 308976 560 pts/3 Sl Feb04 0:58 | | \_ ./f -h 211.23.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6573 0.0 0.1 5264 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 209.99.0.0/16 hotmail 6574 0.0 0.0 308976 480 pts/3 Sl Feb04 0:58 | | \_ ./f -h 209.99.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6605 0.0 0.1 6068 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 162.33.0.0/16 hotmail 6606 0.0 0.0 308976 488 pts/3 Sl Feb04 0:17 | | \_ ./f -h 162.33.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6637 0.0 0.1 6132 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 207.65.0.0/16 hotmail 6638 0.3 0.1 308976 564 pts/3 Sl Feb04 3:23 | | \_ ./f -h 207.65.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6669 0.0 0.1 5592 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 200.0.0.0/16 hotmail 6670 0.2 0.1 308972 576 pts/3 Sl Feb04 2:10 | | \_ ./f -h 200.0.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6701 0.0 0.1 5436 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 199.106.0.0/16 hotmail 6702 0.1 0.0 216776 460 pts/3 Sl Feb04 1:17 | | \_ ./f -h 199.106.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6733 0.0 0.1 6000 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 80.90.0.0/16 hotmail 6734 0.0 0.0 308972 456 pts/3 Sl Feb04 0:04 | | \_ ./f -h 80.90.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6765 0.0 0.1 4708 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 132.234.0.0/16 hotmail 6766 0.0 0.0 308972 460 pts/3 Sl Feb04 0:12 | | \_ ./f -h 132.234.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6797 0.0 0.1 4668 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 203.206.0.0/16 hotmail 6798 0.2 0.1 308976 756 pts/3 Sl Feb04 2:16 | | \_ ./f -h 203.206.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6829 0.0 0.1 5916 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 12.146.0.0/16 hotmail 6830 0.1 0.0 308976 480 pts/3 Sl Feb04 1:40 | | \_ ./f -h 12.146.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C hotmail 6861 0.0 0.1 5264 856 pts/3 S Feb04 0:00 | \_ /bin/sh ./s 68.15.0.0/16 hotmail 6862 0.1 0.1 308976 684 pts/3 Sl Feb04 2:10 | \_ ./f -h 68.15.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C root 22011 0.0 0.3 7924 1748 ? Ss Feb03 0:00 \_ sshd: jpifer [priv] jpifer 22013 0.5 0.4 9124 2308 ? S Feb03 13:11 | \_ sshd: jpifer at pts/2 jpifer 22014 0.0 0.2 5628 1348 pts/2 Ss+ Feb03 0:00 | \_ -bash jpifer 25732 0.0 0.9 15364 4692 pts/2 S 02:36 0:00 | \_ ethereal root 25733 0.0 0.1 6200 1004 pts/2 S 02:36 0:00 | \_ /usr/sbin/userhelper -w ethereal root 25737 4.2 24.8 169668 128092 pts/2 S 02:36 1:03 | \_ ethereal root 25947 0.4 3.9 36928 20160 pts/2 S 03:00 0:00 | \_ ethereal-capture -i eth0 -f host not 192.168.1.25 root 25444 0.0 0.3 7680 1848 ? Ss 02:19 0:00 \_ sshd: root at pts/4 root 25446 0.0 0.2 5400 1348 pts/4 Ss 02:19 0:00 \_ - bash root 26029 0.0 0.1 2472 836 pts/4 R+ 03:01 0:00 \_ ps auxfwwww root 2410 0.0 0.1 2716 580 ? Ss 2005 0:00 xinetd - stayalive -pidfile /var/run/xinetd.pid ntp 2423 0.0 1.1 5784 5784 ? SLs 2005 0:01 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g root 2443 0.0 0.1 5024 608 ? Ss 2005 0:00 rpc.rquotad root 2456 0.0 0.0 0 0 ? S 2005 0:01 [nfsd] root 2452 0.0 0.0 0 0 ? S 2005 0:01 [nfsd] root 2455 0.0 0.0 0 0 ? S 2005 0:02 [nfsd] root 2453 0.0 0.0 0 0 ? S 2005 0:01 [nfsd] root 2454 0.0 0.0 0 0 ? S 2005 0:03 [nfsd] root 2459 0.0 0.0 0 0 ? S 2005 0:03 [nfsd] root 2457 0.0 0.0 0 0 ? S 2005 0:01 [nfsd] root 2458 0.0 0.0 0 0 ? S 2005 0:01 [nfsd] root 2460 0.0 0.0 0 0 ? S 2005 0:00 [lockd] root 2461 0.0 0.0 0 0 ? S 2005 0:00 [rpciod] root 2465 0.0 0.1 3244 700 ? Ss 2005 0:00 rpc.mountd root 2486 0.0 0.1 2680 796 ? Ss 2005 0:06 /usr/sbin/dhcpd root 2530 0.0 0.7 23040 3904 ? Ss 2005 0:01 /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 20174 0.0 5.2 39136 26980 ? S Feb04 0:02 \_ /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 23481 0.0 4.1 39136 21424 ? S Feb04 0:02 \_ /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 23709 0.0 5.3 39164 27416 ? S Feb04 0:02 \_ /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 24159 0.0 5.1 39136 26576 ? S 00:35 0:02 \_ /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 24776 0.0 2.5 39144 13368 ? S 01:11 0:02 \_ /usr/bin/perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2543 0.0 0.0 2644 440 ? Ss 2005 0:00 gpm - m /dev/input/mice -t imps2 root 2564 0.0 0.1 5632 740 ? Ss 2005 0:00 crond root 25975 0.0 0.2 6212 1144 ? S 03:01 0:00 \_ crond root 25976 0.0 0.1 3760 912 ? Ss 03:01 0:00 \_ /bin/bash /usr/bin/run-parts /etc/cron.hourly root 25996 0.0 0.1 2528 884 ? S 03:01 0:00 \_ /bin/bash /etc/cron.hourly/update_virus_scanners root 25999 0.0 0.2 4660 1164 ? S 03:01 0:00 | \_ perl -e sleep int(rand(600)); root 25997 0.0 0.1 2628 548 ? S 03:01 0:00 \_ awk -v progname=/etc/cron.hourly/update_virus_scanners progname {????? print progname ":\n"????? progname="";???? }???? { print; } xfs 2590 0.0 0.1 4312 692 ? Ss 2005 0:00 xfs - droppriv -daemon root 2608 0.0 0.2 10432 1316 ? Ss 2005 0:01 smbd -D root 2624 0.0 0.2 10432 1192 ? S 2005 0:00 \_ smbd -D root 13004 0.0 0.3 11260 1580 ? S Jan14 0:00 \_ smbd -D root 17817 0.0 0.3 13300 1788 ? S Jan17 6:41 \_ smbd -D root 2612 0.0 0.2 8928 1460 ? Ss 2005 0:53 nmbd -D root 2632 0.0 0.1 2812 624 ? Ss 2005 0:00 /usr/sbin/atd dbus 2651 0.0 0.1 3020 608 ? Ss 2005 0:00 dbus- daemon-1 --system root 2661 0.0 0.1 4108 616 ? Ss 2005 0:00 cups- config-daemon root 2672 0.0 0.3 8204 2032 ? Ss 2005 9:26 hald root 2908 0.0 0.1 3904 724 ? S 2005 0:00 /usr/bin/slpuasa root 2917 0.0 0.5 7708 2744 ? Ss 2005 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf root 2923 0.0 0.0 2756 356 tty1 Ss+ 2005 0:00 /sbin/mingetty tty1 root 2924 0.0 0.0 3284 356 tty2 Ss+ 2005 0:00 /sbin/mingetty tty2 root 2925 0.0 0.0 2832 356 tty3 Ss+ 2005 0:00 /sbin/mingetty tty3 root 2927 0.0 0.0 2932 356 tty4 Ss+ 2005 0:00 /sbin/mingetty tty4 root 2928 0.0 0.0 2752 356 tty5 Ss+ 2005 0:00 /sbin/mingetty tty5 root 2936 0.0 0.0 2272 356 tty6 Ss+ 2005 0:00 /sbin/mingetty tty6 root 2937 0.0 0.1 11004 960 ? Ss 2005 0:00 /usr/bin/gdm-binary -nodaemon root 3343 0.0 0.2 11532 1212 ? S 2005 0:00 \_ /usr/bin/gdm-binary -nodaemon root 3346 0.1 0.3 12088 1644 ? S 2005 83:58 \_ /usr/X11R6/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7 gdm 3416 0.0 0.7 21008 4108 ? Ss 2005 1:33 \_ /usr/bin/gdmgreeter root 3491 0.0 0.0 0 0 ? S 2005 0:53 [kjournald] jpifer 3505 0.0 0.4 12368 2132 ? S 2005 0:05 /usr/libexec/gconfd-2 13 jpifer 26398 0.1 0.6 57628 3484 ? S Jan16 29:18 nt root 18874 0.0 0.4 18916 2304 ? Ss Jan17 0:02 /usr/sbin/httpd apache 32504 0.0 0.5 19048 2924 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32505 0.0 0.5 19048 2928 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32506 0.0 0.5 19048 2864 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32507 0.0 0.5 19048 2896 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32508 0.0 0.5 19048 2872 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32509 0.0 0.5 19048 2888 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32510 0.0 0.5 19048 2996 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 32512 0.0 0.5 19048 3000 ? S Jan29 0:00 \_ /usr/sbin/httpd apache 24210 0.0 0.5 19048 2856 ? S 00:43 0:00 \_ /usr/sbin/httpd root 4455 0.0 0.2 17884 1272 ? S Jan18 0:39 Xvnc :1 - desktop porky.obrien-pifer.com:1 (root) -httpd /usr/share/vnc/classes - auth /root/.Xauthority -geometry 1024x768 -depth 16 -rfbwait 30000 - rfbauth /root/.vnc/passwd -rfbport 5901 -pn root 4459 0.0 0.1 4004 624 ? S Jan18 0:00 vncconfig -iconic root 4460 0.0 0.1 11060 976 ? S Jan18 0:00 xterm - geometry 80x24+10+10 -ls -title porky.obrien-pifer.com:1 (root) Desktop root 4463 0.0 0.2 6304 1088 pts/5 Ss+ Jan18 0:00 \_ -bash root 4461 0.0 0.5 21284 3044 ? S Jan18 0:00 gnome- session root 4495 0.0 0.1 2988 708 ? S Jan18 0:00 /usr/bin/gnome-keyring-daemon root 4497 0.0 0.2 7772 1088 ? Ss Jan18 0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output- fd=18 root 4499 0.0 0.5 19680 2612 ? S Jan18 0:00 /usr/libexec/gnome-settings-daemon --oaf-activate- iid=OAFIID:GNOME_SettingsDaemon --oaf-ior-fd=22 root 4505 0.0 0.1 3884 928 ? S Jan18 0:00 /usr/libexec/gam_server root 4536 0.0 0.5 13912 2812 ? Ss Jan18 0:03 /usr/bin/metacity --sm-client-id=default1 root 4540 0.0 0.6 22724 3192 ? Ss Jan18 0:01 gnome- panel --sm-client-id default2 root 4542 0.0 0.6 39124 3196 ? Ssl Jan18 0:01 nautilus --no-default-window --sm-client-id default3 root 4544 0.0 0.4 18108 2552 ? Ss Jan18 0:00 gnome- volume-manager --sm-client-id default6 root 4548 0.0 0.4 12540 2312 ? Ss Jan18 0:00 pam- panel-icon --sm-client-id default0 root 4551 0.0 0.0 2148 496 ? S Jan18 0:00 \_ /sbin/pam_timestamp_check -d root root 4554 0.0 0.3 20860 1620 ? Sl Jan18 0:00 /usr/libexec/gnome-vfs-daemon --oaf-activate- iid=OAFIID:GNOME_VFS_Daemon_Factory --oaf-ior-fd=28 root 4562 0.0 0.1 2420 580 ? S Jan18 0:00 /usr/libexec/mapping-daemon root 4564 0.0 0.6 22184 3276 ? S Jan18 0:03 /usr/libexec/wnck-applet --oaf-activate- iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-fd=30 root 4566 0.0 0.6 22484 3308 ? S Jan18 0:00 /usr/libexec/mixer_applet2 --oaf-activate- iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=32 root 4568 0.0 0.7 20328 3696 ? S Jan18 0:32 /usr/libexec/clock-applet --oaf-activate- iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=34root 4570 0.0 0.5 18280 2672 ? S Jan18 0:00 /usr/libexec/notification- area-applet --oaf-activate- iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=36 root 4572 0.0 0.6 36656 3492 ? Sl Jan18 0:14 /usr/bin/gnome-terminal root 4573 0.0 0.0 3060 476 ? S Jan18 0:00 \_ gnome-pty-helper root 4574 0.0 0.2 4936 1084 pts/6 Ss+ Jan18 0:00 \_ bash root 5191 0.0 0.0 2560 400 ? S<s Jan18 0:00 udevd root 19720 0.0 0.2 6816 1476 ? S Jan18 0:00 /usr/libexec/gconfd-2 4 root 24456 0.9 13.3 629252 68908 pts/6 Sl Jan19 219:28 /usr/stoneware/bin/../jre/bin/java -server -Xms64m -Xmx256m - Djava.endorsed.dirs=/usr/stoneware/bin/endorsed com.zerog.lax.LAX /usr/stoneware/bin/webNetwork.lax /tmp/env.properties.24456 jpifer 26962 0.0 0.2 28028 1248 ? Ss Jan19 0:00 /usr/bin/spamd --port 7830 --local --daemonize jpifer 26964 0.0 0.2 28392 1300 ? S Jan19 0:00 \_ spamd child jpifer 26965 0.0 0.2 28028 1248 ? S Jan19 0:00 \_ spamd child jpifer 26966 0.0 0.2 28028 1248 ? S Jan19 0:00 \_ spamd child jpifer 26967 0.0 0.2 28028 1248 ? S Jan19 0:00 \_ spamd child jpifer 26968 0.0 0.2 28028 1248 ? S Jan19 0:00 \_ spamd child named 5809 0.0 0.6 38916 3220 ? Ssl Jan19 5:08 /usr/sbin/named -u named -t /var/named/chroot jpifer 15442 0.0 0.5 28860 2900 ? S Jan23 11:20 Xvnc :2 - desktop porky.obrien-pifer.com:2 (jpifer) -httpd /usr/share/vnc/classes -auth /home/jpifer/.Xauthority -geometry 1024x768 -depth 16 -rfbwait 30000 -rfbauth /home/jpifer/.vnc/passwd -rfbport 5902 -pn jpifer 15446 0.0 0.1 4124 744 ? S Jan23 0:00 vncconfig -iconic jpifer 15447 0.0 0.7 21084 3752 ? S Jan23 0:00 gnome- session jpifer 15450 0.0 0.1 2680 720 ? S Jan23 0:00 /usr/bin/gnome-keyring-daemon jpifer 15452 0.0 0.3 8532 1844 ? Ss Jan23 0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output- fd=18 jpifer 15454 0.0 0.6 19572 3172 ? S Jan23 0:00 /usr/libexec/gnome-settings-daemon --oaf-activate- iid=OAFIID:GNOME_SettingsDaemon --oaf-ior-fd=22 jpifer 15460 0.0 0.2 4232 1448 ? S Jan23 0:38 /usr/libexec/gam_server jpifer 15468 0.0 0.2 4756 1344 ? S Jan23 0:03 xscreensaver -nosplash jpifer 15492 0.0 0.6 14224 3460 ? Ss Jan23 3:14 /usr/bin/metacity --sm-client-id=default1 jpifer 15496 0.0 0.7 23224 4080 ? Ss Jan23 0:02 gnome- panel --sm-client-id default2 jpifer 15498 0.0 0.8 38372 4248 ? Ssl Jan23 0:02 nautilus --no-default-window --sm-client-id default3 jpifer 15500 0.0 0.6 19356 3092 ? Ss Jan23 0:00 gnome- volume-manager --sm-client-id default6 jpifer 15504 0.0 0.5 12956 2728 ? Ss Jan23 0:00 pam- panel-icon --sm-client-id default0 root 15507 0.0 0.0 1960 492 ? S Jan23 0:00 \_ /sbin/pam_timestamp_check -d root jpifer 15506 0.0 1.6 36868 8508 ? SNs Jan23 1:23 /usr/bin/python /usr/bin/rhn-applet-gui --sm-client-id default4 jpifer 15510 0.0 0.3 20552 1840 ? Sl Jan23 0:00 /usr/libexec/gnome-vfs-daemon --oaf-activate- iid=OAFIID:GNOME_VFS_Daemon_Factory --oaf-ior-fd=28 jpifer 15518 0.0 0.1 3660 592 ? S Jan23 0:00 /usr/libexec/mapping-daemon jpifer 15520 0.0 0.8 20244 4200 ? S Jan23 3:35 /usr/libexec/wnck-applet --oaf-activate- iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-fd=30 jpifer 15523 0.0 0.7 22416 3672 ? S Jan23 0:00 /usr/libexec/mixer_applet2 --oaf-activate- iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=32 jpifer 15528 0.0 0.8 20420 4240 ? S Jan23 0:19 /usr/libexec/clock-applet --oaf-activate- iid=OAFIID:GNOME_ClockApplet_Factory --oaf-ior-fd=34jpifer 15530 0.0 0.6 18256 3264 ? S Jan23 0:00 /usr/libexec/notification- area-applet --oaf-activate- iid=OAFIID:GNOME_NotificationAreaApplet_Factory --oaf-ior-fd=36 jpifer 15575 0.0 0.6 112140 3276 ? Sl Jan23 0:03 /usr/libexec/evolution-data-server-1.0 --oaf-activate- iid=OAFIID:GNOME_Evolution_DataServer_InterfaceCheck --oaf-ior-fd=42 jpifer 15590 0.0 0.6 65044 3400 ? Sl Jan23 0:00 /usr/libexec/evolution/2.0/evolution-alarm-notify --oaf-activate- iid=OAFIID:GNOME_Evolution_Calendar_AlarmNotify_Factory:2.0 --oaf-ior- fd=44 root 21663 0.0 0.3 8404 1888 ? Ss Jan23 0:00 sendmail: Queue runner at 00:15:00 for /var/spool/mqueue smmsp 21664 0.0 0.3 8268 1876 ? Ss Jan23 0:00 sendmail: Queue runner at 00:15:00 for /var/spool/clientmqueue root 21667 0.0 0.4 7968 2084 ? Ss Jan23 0:07 sendmail: accepting connections root 32314 0.0 0.2 8644 1496 ? Ss Jan29 0:00 cupsd jpifer 22042 0.1 8.1 184796 41976 pts/2 Sl Feb03 2:26 evolution jpifer 22043 0.1 1.6 99244 8688 pts/2 Sl Feb03 2:51 /usr/lib/mozilla-1.7.12/mozilla-bin -UILocale en-US jpifer 22044 0.3 1.4 61740 7372 pts/2 Sl Feb03 6:50 nt jpifer 22045 0.0 0.7 37716 3876 pts/2 S Feb03 0:01 konqueror jpifer 22051 0.0 0.4 26212 2232 ? Ss Feb03 0:00 kdeinit: Running... jpifer 22056 0.0 0.4 26668 2080 ? S Feb03 0:00 \_ kdeinit: klauncher jpifer 22074 0.0 0.4 27628 2408 ? S Feb03 0:00 \_ kdeinit: kio_file file /tmp/ksocket-jpifer/klauncherZ1QYAa.slave- socket /tmp/ksocket-jpifer/konqueror8aWSVa.slave-socket jpifer 22054 0.0 0.3 25420 1856 ? S Feb03 0:00 kdeinit: dcopserver --nosid --suicide jpifer 22058 0.0 0.5 26152 2836 ? S Feb03 0:00 kdeinit: kded