LFD - Suspicious process running under user postgres

eventtex

Hello,

I come to you because I received several notification emails from my VPS server entitled: LFD - Suspicious process running under user postgres

Here is the content of the email:

Time: Sun May 29 11:00:57 2022 +0200
PID: 12692 (Parent PID:12686)
Account: postgres
Uptime: 801371 seconds


Executable:

/usr/pgsql-10/bin/postgres


Command Line (often faked in exploits):

postgres: wal writer process


Network connections by the process (if any):

udp6: 0:0:0:0:0:0:0:1:52577 -> 0:0:0:0:0:0:0:1:52577


Files open by the process (if any):

/dev/null
/var/lib/pgsql/10/data/pg_wal/000000010000000000000001
anon_inode:[eventpoll]


Memory maps by the process (if any):

I wanted to have your opinion on this subject to know if I should take this alert into account or not?

Is there a risk that I have a malicious file?

I looked at the processes that are running and I didn't notice anything.

Thanks for your help.
Julian
 

cPRex

Hey there! When PostgreSQL is installed with the "/scripts/installpostgres" command, that currently installs version 9, so cPanel would not be creating anything in /usr/pgsql-10/bin/postgres. If you have manually installed a newer version of PostgreSQL on the machine, that would explain that file path. If you did perform a manual installation, and are using PostgreSQL on the server, it's possible that CSF could have flagged that process and you just need to add it to the LFD ignore list.
 

eventtex

Hello,

Thank you for your reply. In the CSF settings at WHM level I edited the file /etc/csf/csf.ignore by adding the following line:

exe:/usr/pgsql-10/bin/postgres

However, I always receive the same type of email.

Can you tell me if the syntax of the line I added is correct?

Thank you for your reply.
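
The last post adds an exe: line to /etc/csf/csf.ignore. As an added example (not from the thread and not CSF's own code), the Python below parses the alert fields quoted in the first post and checks them against process-ignore rules in the format of /etc/csf/csf.pignore, the file lfd reads for process tracking; csf.ignore holds IP addresses only. The function names and the whole-field regex matching for pexe:/pcmd:/puser: are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: fields condensed from the alert quoted in the first post.
ALERT = """\
Account: postgres
Executable:
/usr/pgsql-10/bin/postgres
Command Line (often faked in exploits):
postgres: wal writer process
"""

def parse_alert(text):
    """Extract account, executable and command line from an LFD alert body."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    lines.append("")  # sentinel so lines[i + 1] always exists
    proc = {}
    for i, line in enumerate(lines):
        if line.startswith("Account:"):
            proc["user"] = line.split(":", 1)[1].strip()
        elif line == "Executable:":
            proc["exe"] = lines[i + 1]
        elif line.startswith("Command Line"):
            proc["cmd"] = lines[i + 1]
    return proc

def matching_rule(proc, pignore_text):
    """Return the first csf.pignore-style rule covering proc, or None."""
    for raw in pignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#") or ":" not in rule:
            continue
        key, value = rule.split(":", 1)
        if key in ("exe", "cmd", "user") and proc.get(key) == value:
            return rule  # literal match on the whole field
        # Assumption: p-rules are regexes that must cover the whole field;
        # Python's re stands in for the Perl regex engine lfd uses.
        if key in ("pexe", "pcmd", "puser"):
            if re.fullmatch(value, proc.get(key[1:], "")):
                return rule
    return None

def misplaced_lines(ip_ignore_text):
    """Entries in an IP ignore file (csf.ignore) that are not IPs or CIDRs."""
    bad = []
    for raw in ip_ignore_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry or entry.startswith("Include "):
            continue
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)  # e.g. an exe: rule pasted into the IP list
    return bad

if __name__ == "__main__":
    proc = parse_alert(ALERT)
    print(matching_rule(proc, "exe:/usr/pgsql-10/bin/postgres"))
    print(misplaced_lines("127.0.0.1\nexe:/usr/pgsql-10/bin/postgres\n"))
```

After editing csf.pignore, lfd has to be restarted for the change to take effect.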