-:() Process - Security

This is a discussion on -:() Process - Security ; I am currenlty showing a process when doing a ps -ef on my system I receive a process listed as - ). I killed the process and it logged of my system. Have I been compromised? I tried searching on ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: -:() Process

  1. -:() Process

    I am currenlty showing a process when doing a ps -ef on my system I
    receive a process listed as -). I killed the process and it logged of
    my system. Have I been compromised? I tried searching on this process
    and did not get any responses back.


  2. Re: -:() Process

    "jcw248" (06-06-11 08:05:59):

    > I am currenlty showing a process when doing a ps -ef on my system I
    > receive a process listed as -). I killed the process and it logged
    > of my system. Have I been compromised? I tried searching on this
    > process and did not get any responses back.


    You probably are seeing the process with the name "-:0", which is a zero
    at the end, instead of parentheses. If that's the case, then everything
    is alright, because that's just the command line name of your X server
    process. You can easily check that. See the output of "ps -ef", and
    grab the PID of the process. Then do "ps c -ef" to see the binary name
    of all processes and check that the PID actually belongs to a process
    called just 'X'.

    To explain that: The dash ('-') at the beginning means that this is
    your login process, i.e. the one process started at login time. It
    shouldn't be, but on some systems, X is the login shell for some or all
    users. Otherwise and much more likely, it just may be that your display
    manager (XDM, GDM, KDM, ...) started your X server that way. The ":0"
    at the end means that the X server is running on display 0 (zero),
    i.e. the first virtual terminal, which X can or should use. If you have
    multiple X sessions running, the other sessions will have different
    display numbers like ":1".


    Regards,
    E.S.

  3. Re: -:() Process

    On 2006-06-11, jcw248 wrote:

    > I am currenlty showing a process when doing a ps -ef on my system I
    > receive a process listed as -). I killed the process and it logged of
    > my system. Have I been compromised? I tried searching on this process
    > and did not get any responses back.


    Are you sure it's not "-:0" ?

    That's part of how X communicates with its various pieces. If you kill
    it, you kill your X server and thus are logged out when a new X server
    process is spawned by init.

    If you have more than one X display running, you'll probably see "-:1"
    and "-:2" and so on for each display screen.

    --

    John (john@os2.dhs.org)

  4. Re: -:() Process


    Ertugrul Soeylemez wrote:
    > "jcw248" (06-06-11 08:05:59):
    >
    > > I am currenlty showing a process when doing a ps -ef on my system I
    > > receive a process listed as -). I killed the process and it logged
    > > of my system. Have I been compromised? I tried searching on this
    > > process and did not get any responses back.

    >
    > You probably are seeing the process with the name "-:0", which is a zero
    > at the end, instead of parentheses. If that's the case, then everything
    > is alright, because that's just the command line name of your X server
    > process. You can easily check that. See the output of "ps -ef", and
    > grab the PID of the process. Then do "ps c -ef" to see the binary name
    > of all processes and check that the PID actually belongs to a process
    > called just 'X'.
    >
    > To explain that: The dash ('-') at the beginning means that this is
    > your login process, i.e. the one process started at login time. It
    > shouldn't be, but on some systems, X is the login shell for some or all
    > users. Otherwise and much more likely, it just may be that your display
    > manager (XDM, GDM, KDM, ...) started your X server that way. The ":0"
    > at the end means that the X server is running on display 0 (zero),
    > i.e. the first virtual terminal, which X can or should use. If you have
    > multiple X sessions running, the other sessions will have different
    > display numbers like ":1".
    >
    >
    > Regards,
    > E.S.


    Thanks for not blasting me I am new to Linux security. Thanks for the
    useful information


  5. Re: -:() Process


    John Thompson wrote:
    > On 2006-06-11, jcw248 wrote:
    >
    > > I am currenlty showing a process when doing a ps -ef on my system I
    > > receive a process listed as -). I killed the process and it logged of
    > > my system. Have I been compromised? I tried searching on this process
    > > and did not get any responses back.

    >
    > Are you sure it's not "-:0" ?
    >
    > That's part of how X communicates with its various pieces. If you kill
    > it, you kill your X server and thus are logged out when a new X server
    > process is spawned by init.
    >
    > If you have more than one X display running, you'll probably see "-:1"
    > and "-:2" and so on for each display screen.
    >
    > --
    >
    > John (john@os2.dhs.org)


    Thanks for the help.


+ Reply to Thread