What is this process called "linux-sendpage" that is running on Red Hat Enterprise Linux?
Issue
-
I have an ftp server that was sitting inactive on our DMZ, so it had open ports for ftp to the outside. I got some alerts that CPU was at 100%, it looked like I had 2 users I don't recall creating "user1" and "user2". These systems have been around a long time and maybe someone else created these, I don't recall.
-
The "user1" account had a process called "linux-sendpage" that was hitting the cpu 100%, I couldn't kill the process, I tried a "kill -9 processid" and it wouldn't die. I disabled the "user1" and "user2" account and rebooted the system to get rid of the problem. We are rebuilding these servers as we speak on a newer version of Redhat, but until then how do we protect ourselves from this? Was this a hack?
Environment
- Red Hat Enterprise Linux 4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
