I've been getting an email from lfd (the CSF firewall, and I know that's not written by cPanel) about excessive resource usage and a suspicious process running under user qpidd.
I am trying to find out what this user is, and if it's something to be concerned about, since I haven't been able to get any info about it.
Here's the full email:
I haven't found anything about the qpidd user, and I only set this server up about a week ago, so I doubt there's anything running on the server that isn't supposed to run...

Code:
Time: Tue Jun 26 13:21:02 2012 -0400
PID: 2492
Account: qpidd
Uptime: 583826 seconds

Executable:
/usr/sbin/qpidd

Command Line (often faked in exploits):
/usr/sbin/qpidd --data-dir /var/lib/qpidd --daemon

Network connections by the process (if any):
tcp: 0.0.0.0:5672 -> 0.0.0.0:0
tcp6: 0.0.0.0:5672 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
anon_inode:[eventpoll]
/var/lib/qpidd/lock

Memory maps by the process (if any):

Does anyone have any ideas?
Any help is very much appreciated...
Thanks a lot!
Isaac
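
An added example, not part of the original post and not code from CSF/lfd: a Python parser for an alert in the layout quoted above, with two review checks on it (is the executable in a system directory, and does the reported command line match the executable path, which the alert itself warns can be faked). The function names, `SECTIONS` and the `SYSTEM_DIRS` list are assumptions of this example.

```python
import re

# Constructed sample: header values from the post, memory maps left out.
SAMPLE_ALERT = """\
PID: 2492
Account: qpidd
Executable:
/usr/sbin/qpidd
Command Line (often faked in exploits):
/usr/sbin/qpidd --data-dir /var/lib/qpidd --daemon
Network connections by the process (if any):
tcp: 0.0.0.0:5672 -> 0.0.0.0:0
tcp6: 0.0.0.0:5672 -> 0.0.0.0:0
"""

SECTIONS = {"Executable": "exe", "Command Line": "cmdline", "Network connections": "net",
            "Files open": "files", "Memory maps": "maps"}
# Assumption for this example: directories where packaged daemons live.
SYSTEM_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/", "/usr/libexec/")

def parse_alert(text):
    """Split an alert into scalar fields (pid, account, ...) and list sections."""
    alert, current = {name: [] for name in SECTIONS.values()}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        label, sep, rest = line.partition(":")
        section = next((v for k, v in SECTIONS.items() if label.startswith(k)), None)
        if sep and section:              # section header; a value may follow inline
            current, line = section, rest.strip()
        elif current is None:            # "Key: value" header field
            alert[label.strip().lower()] = rest.strip()
            continue
        if line:
            alert[current].append(line)
    return alert

def triage(alert):
    """Return (findings to review, listening ports) for one parsed alert."""
    exe = alert["exe"][0] if alert["exe"] else ""
    argv = alert["cmdline"][0].split() if alert["cmdline"] else []
    findings = []
    if not exe.startswith(SYSTEM_DIRS):
        findings.append("executable outside system directories: " + exe)
    if argv and argv[0] != exe:
        findings.append("command line names %s, executable is %s" % (argv[0], exe))
    # A socket whose remote side is 0.0.0.0:0 is read here as a listener.
    ports = {int(m[1]) for m in (re.search(r":(\d+) -> \S+:0$", l) for l in alert["net"]) if m}
    return findings, sorted(ports)

if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE_ALERT)))
```

A finding here is a prompt to check the binary against the package database, not proof of compromise.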

