So I can't seem to find any information ANYWHERE on what this process, "sysnetd", does. I've run LSOF etc. but nothing seems to provide any info I know what to do with. The /proc/pid folder also doesn't seem to provide any details (that I know what to do with). This is your standard LAMP Apache web/mail server.

What I do know is I have two totally separate VPS' with CentOS 7 and the process exists on both. However, only on one of them is it using 60-90% CPU at all times and...this is a new issue.

Any help?

lsof command results:

```
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF       NODE NAME
sysnetd 1946 root  cwd    DIR 182,261649     4096       3361 /root
sysnetd 1946 root  rtd    DIR 182,261649     4096          2 /
sysnetd 1946 root  txt    REG 182,261649    34726     120806 /usr/sbin/sysnetd
sysnetd 1946 root  mem    REG 182,261649  2156592     107927 /usr/lib64/libc-2.17.so
sysnetd 1946 root  mem    REG 182,261649   163312     107920 /usr/lib64/ld-2.17.so
sysnetd 1946 root    0r  FIFO       0,10      0t0 3550041065 pipe
sysnetd 1946 root    1w  FIFO       0,10      0t0 3550041066 pipe
sysnetd 1946 root    2w  FIFO       0,10      0t0 3550041066 pipe
sysnetd 1946 root    3u   CHR        1,3      0t0 3550024220 /dev/null
sysnetd 1946 root    4u   CHR        1,3      0t0 3550024220 /dev/null
sysnetd 1946 root    5u   CHR        1,3      0t0 3550024220 /dev/null
```

  • try `yum provides /usr/sbin/sysnetd` to find out which package (if any) it belongs to. – user9517 May 03 '22 at 07:21
  • There are methods to [find out which package a file belongs to](https://stackoverflow.com/questions/1133495/how-do-i-find-which-rpm-package-supplies-a-file-im-looking-for). If it doesn't belong to any package, and you didn't put it there, I'd [consider the server compromised](https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server). – Gerald Schneider May 03 '22 at 07:22

1 Answer

If the executable was installed from a package:

```
rpm -qf /usr/sbin/sysnetd
```

and `rpm -qi` and `rpm -ql` on the resulting package name will provide info.

If it wasn't installed from a package, it may be something you installed manually or, in the worst case, something an intruder left behind.

If the executable is a script, you can simply open it with an editor and check what it does.

When it is a binary file, `strings /path/to/executable` is a quick method to show you the printable characters in that file. Often that will show, among others, the built-in help and error messages, which may explain what the executable does.

Rob
  • Thank you for responding! So, I confirmed it is not from a package. It is a binary and the strings command of course pulls up all sorts of random stuff, but nothing that stands out (log files/help/etc). I am starting to suspect the host, and only the host, may have a clue what this is. I have messaged them in hopes they might know. I considered posting the results of the strings command, but it's extremely long and not sure it would be acceptable. – user1449369 May 03 '22 at 15:44
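
The steps from the answer above (package ownership, script or binary, `strings`) as one first-pass triage function; this is an added example, not part of the original answer, and the function names are hypothetical. It also prints a SHA-256 so the copies on the two servers can be compared, and it filters the long `strings` dump down to URLs, system paths, IPv4 addresses and usage text.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original answer.
# Usage: triage_binary /usr/sbin/sysnetd

# Classify by the first four bytes: "#!" is a script, DEL 'E' 'L' 'F' an ELF binary.
file_kind() {
    magic=$(od -An -c -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        '#!'*)    echo script ;;
        '177ELF') echo elf ;;
        *)        echo unknown ;;
    esac
}

# SHA-256 of the file, for comparing the copy on one server with the other.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Owning package name, "unowned", or "rpm-not-available" on non-RPM systems.
pkg_owner() {
    command -v rpm >/dev/null 2>&1 || { echo rpm-not-available; return 0; }
    owner=$(rpm -qf "$1" 2>/dev/null) && echo "$owner" || echo unowned
}

# Reduce the long strings dump to URLs, system paths, IPv4 addresses and usage text.
interesting_strings() {
    if command -v strings >/dev/null 2>&1; then strings -a -n 6 "$1"
    else LC_ALL=C tr -c '[:print:]' '\n' < "$1"; fi |
        grep -E 'https?://|/(etc|tmp|var|dev|proc)/|[0-9]+(\.[0-9]+){3}|[Uu]sage' |
        sort -u
}

triage_binary() {
    [ -f "$1" ] || { echo "error=not-a-regular-file"; return 1; }
    echo "path=$1"
    echo "kind=$(file_kind "$1")"
    echo "sha256=$(file_sha256 "$1")"
    pkg=$(pkg_owner "$1")
    echo "package=$pkg"
    case "$pkg" in
        unowned|rpm-not-available) ;;
        # rpm -Vf lists files that differ from the package database; none means intact.
        *) echo "verify=$(rpm -Vf "$1" 2>&1 | grep -F "$1" || echo unchanged)" ;;
    esac
    interesting_strings "$1" | sed 's/^/string=/'
}
```

An `unowned` ELF file whose hash differs between the two servers, or that exists on only one of them, fits the "consider the server compromised" case raised in the comments.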