./cache.sh?
Duane Whitty
duane at nofroth.com
Wed Feb 7 06:34:00 UTC 2018
On 18-02-07 02:12 AM, Paul Smith wrote:
> On Wed, 2018-02-07 at 01:52 -0400, Duane Whitty wrote:
>>> A client has a system that is running a process that shows up in
>>> the process list as "./cache.sh". There is no file named "cache.sh"
>>> anywhere on his system. This process is chewing up most of his CPU.
>>> If stopped, it starts again after a few minutes. It starts on boot,
>>> too.
>
> If you know the PID of the running process, you can look in /proc/<PID>
> and find out all sorts of useful information including the actual
> executable (the exe symlink) which isn't changeable like the "ps"
> output is, what files it has open (in the fd directory), etc.
>
> You can also use ss (or netstat if you're old-school) to see what
> network sockets are opened by which processes.
>
Yes my bad, not /var/proc/<PID> but rather /proc/<PID>. Nice catch Mr.
Smith ;-)
Best Regards,
Duane
--
Duane Whitty
duane at nofroth.com
More information about the ubuntu-users
mailing list