Advice Needed

I just got my first Dedicated Server today, (almost complete newbie) I used SSh and ran TOP and below is the output. Any ideas as to why so many things are running, and the cpu usage is so high?


11:12pm up 1:48, 1 user, load average: 1.22, 1.25, 1.19
59 processes: 56 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: 51.4% user, 48.5% system, 0.0% nice, 0.0% idle
Mem: 511312K av, 63076K used, 448236K free, 0K shrd, 1524K buff
Swap: 530104K av, 0K used, 530104K free 36164K cached

PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND
814 root 20 0 472 472 396 R 0 73.8 0.0 81:19 portsentry
377 root 12 0 528 528 428 S 0 25.9 0.1 26:46 syslogd
2124 root 9 0 872 872 672 R 0 0.1 0.1 0:00 top
1 root 8 0 476 476 404 S 0 0.0 0.0 0:05 init
2 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 keventd
3 root 19 19 0 0 0 SWN 0 0.0 0.0 0:00 ksoftirqd_CPU0
4 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 kswapd
5 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 kreclaimd
6 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 bdflush
7 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 kupdated
9 root 9 0 0 0 0 SW 0 0.0 0.0 0:00 khubd
386 root 9 0 1076 1076 388 S 0 0.0 0.2 0:00 klogd
400 nobody 9 0 648 648 524 S 0 0.0 0.1 0:00 identd
404 nobody 9 0 648 648 524 S 0 0.0 0.1 0:00 identd
405 nobody 9 0 648 648 524 S 0 0.0 0.1 0:00 identd
406 nobody 9 0 648 648 524 S 0 0.0 0.1 0:00 identd
407 nobody 9 0 648 648 524 S 0 0.0 0.1 0:00 identd
418 root 8 0 624 624 512 S 0 0.0 0.1 0:00 crond
432 root 9 0 488 488 412 S 0 0.0 0.0 0:00 inetd
446 nobody 9 0 896 896 700 S 0 0.0 0.1 0:00 proftpd
455 root 9 0 1200 1200 1060 S 0 0.0 0.2 0:00 sshd
471 root 9 0 532 532 448 S 0 0.0 0.1 0:00 lpd
508 root 9 0 1096 1096 916 S 0 0.0 0.2 0:00 antirelayd
522 root 8 0 1656 1656 1072 S 0 0.0 0.3 0:00 chkservd
543 root 9 0 2920 2920 2736 S 0 0.0 0.5 0:00 httpd
563 root 9 0 3588 3588 2136 S 0 0.0 0.7 0:00 cppop
609 root 9 0 1588 1584 1192 S 0 0.0 0.3 0:00 exim
640 root 9 0 832 832 664 S 0 0.0 0.1 0:00 safe_mysqld
664 mysql 9 0 1628 1628 1196 S 0 0.0 0.3 0:00 mysqld
666 mysql 8 0 1628 1628 1196 S 0 0.0 0.3 0:00 mysqld
667 mysql 9 0 1628 1628 1196 S 0 0.0 0.3 0:00 mysqld
668 root 18 19 2364 2364 2036 S N 0 0.0 0.4 0:00 cpaneld
669 root 9 0 2360 2360 2028 S 0 0.0 0.4 0:00 cpaneld
679 root 9 0 1728 1728 1036 S 0 0.0 0.3 0:00 webmaild
710 nobody 9 0 1776 1776 1060 S 0 0.0 0.3 0:00 entropychat
719 nobody 9 0 604 604 360 S 0 0.0 0.1 0:00 melange
741 nobody 9 0 1544 1544 1140 S 0 0.0 0.3 0:00 stunnel

ok, this is my best guess. portsentry is running takeing a whole lot, I dont know why, mabey a loop of something is killing it. Then it uses syslog to write its error messages, hence you get your system halted, I guess you could call it a dos attack. check /var/log/messages, see what portsentry is printing to help find the problem

Thanks,

I looked at all the files in /var/log/ and I don't see anything. output from /var/log/messages below. If anyone sees anything please post!

Jul 21 00:09:51 sitekeeper3 syslogd 1.3-3: restart.
Jul 21 00:09:51 sitekeeper3 syslog: syslogd startup succeeded
Jul 21 00:09:51 sitekeeper3 kernel: klogd 1.3-3, log source = /proc/kmsg started.
Jul 21 00:09:51 sitekeeper3 kernel: Inspecting /boot/System.map-2.2.14-5.0
Jul 21 00:09:51 sitekeeper3 syslog: klogd startup succeeded
Jul 21 00:09:51 sitekeeper3 kernel: Loaded 7364 symbols from /boot/System.map-2.2.14-5.0.
Jul 21 00:09:51 sitekeeper3 kernel: Symbols match kernel version 2.2.14.
Jul 21 00:09:51 sitekeeper3 kernel: Loaded 86 symbols from 3 modules.
Jul 21 00:09:51 sitekeeper3 kernel: Linux version 2.2.14-5.0 (root@porky.devel.redhat.com) (gcc version e
gcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) #1 Tue Mar 7 21:07:39 EST 2000
Jul 21 00:09:51 sitekeeper3 kernel: Detected 868650595 Hz processor.
Jul 21 00:09:51 sitekeeper3 kernel: Console: colour VGA+ 80x25
Jul 21 00:09:51 sitekeeper3 kernel: Calibrating delay loop... 865.08 BogoMIPS
Jul 21 00:09:51 sitekeeper3 kernel: Memory: 515132k/522176k available (1060k kernel code, 412k reserved,
5508k data, 64k init, 0k bigmem)
Jul 21 00:09:51 sitekeeper3 kernel: Dentry hash table entries: 262144 (order 9, 2048k)
Jul 21 00:09:51 sitekeeper3 kernel: Buffer cache hash table entries: 524288 (order 9, 2048k)
Jul 21 00:09:51 sitekeeper3 kernel: Page cache hash table entries: 131072 (order 7, 512k)
Jul 21 00:09:51 sitekeeper3 kernel: VFS: Diskquotas version dquot_6.4.0 initialized
Jul 21 00:09:51 sitekeeper3 kernel: CPU: Intel Pentium III (Coppermine) stepping 06
Jul 21 00:09:51 sitekeeper3 kernel: Enabling extended fast FPU save and restore...done.
Jul 21 00:09:51 sitekeeper3 kernel: Not enabling KNI unmasked exception support
Jul 21 00:09:51 sitekeeper3 kernel: Exception 19 error handler not integrated yet
Jul 21 00:09:51 sitekeeper3 kernel: Checking 386/387 coupling... OK, FPU using exception 16 error reporti
ng.
Jul 21 00:09:51 sitekeeper3 kernel: Checking 'hlt' instruction... OK.
Jul 21 00:09:51 sitekeeper3 kernel: POSIX conformance testing by UNIFIX
Jul 21 00:09:51 sitekeeper3 kernel: mtrr: v1.35a (19990819) Richard Gooch (rgooch@atnf.csiro.au)
Jul 21 00:09:51 sitekeeper3 kernel: PCI: PCI BIOS revision 2.10 entry at 0xf0e60
Jul 21 00:09:51 sitekeeper3 kernel: PCI: Using configuration type 1
Jul 21 00:09:51 sitekeeper3 kernel: PCI: Probing PCI hardware
Jul 21 00:09:51 sitekeeper3 kernel: Linux NET4.0 for Linux 2.2
Jul 21 00:09:51 sitekeeper3 kernel: Based upon Swansea University Computer Society NET3.039
Jul 21 00:09:51 sitekeeper3 kernel: NET4: Unix domain sockets 1.0 for Linux NET4.0.
Jul 21 00:09:51 sitekeeper3 kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jul 21 00:09:51 sitekeeper3 kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jul 21 00:09:51 sitekeeper3 kernel: TCP: Hash tables configured (ehash 524288 bhash 65536)
Jul 21 00:09:51 sitekeeper3 kernel: Initializing RT netlink socket
Jul 21 00:09:51 sitekeeper3 kernel: Starting kswapd v 1.5
Jul 21 00:09:51 sitekeeper3 kernel: Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enable
d
Jul 21 00:09:51 sitekeeper3 kernel: pty: 256 Unix98 ptys configured
Jul 21 00:09:51 sitekeeper3 kernel: apm: BIOS version 1.2 Flags 0x03 (Driver version 1.9)
messages

odd, thats where mine posts messages too. Also check /usr/local/etc/portsentery.history

that might be in a different directory for you. It should not be using that many resources.

Stopping and restarting portsentry seems to have fixed the problem

Thanks