The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Noob...strange cpu usage

Discussion in 'General Discussion' started by dm12dm, Jun 2, 2006.

  1. dm12dm

    dm12dm Registered

    Joined:
    Jan 27, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Ok, to warn everyone I am a total noob. I have gone through the sticy thread and done the basic things to secure server....but I noticed the following items in the 'Todays CPU Usage' Section of WHM. First I am seeing entries like this:

    Top Process %CPU 3.0 sshd: unknown [priv]
    Top Process %CPU 2.0 sshd: unknown [priv]
    sshd 0.01 0.01 0.0
    Top Process %CPU 1.0 sshd: unknown [net]


    This seems strange to me, becuase I didn't ssh into the server. Is this just here due to the ssh process being run or is it because some one is trying to login? Also looking at previous days I see different things regarding ssh. Like this for example

    Top Process %CPU 3.0 sshd: unknown [priv]
    Top Process %CPU 2.0 sshd: [accepted]

    I also see several 1 letter named things that seem suspicous to me.

    n, r, s, c, t, d, and m and they all have 0.00 0.00 0.0 for %CPU,%MEM, and Mysql Processes


    Does anyone have any idea of what some of them are or if I have problem?
    Thanks in advanced for any info.
     
  2. OCX

    OCX Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    232
    Likes Received:
    0
    Trophy Points:
    16
    you need to secure ssh

    1. in WHM feature manager uncheck SSH this way you clients can access ssh

    2. edit your sshd_config file ( pico /etc/ssh/sshd_config )
    find this

    #Port 22
    #Protocol 2, 1
    #ListenAddress ::
    #ListenAddress ::

    make it be something like this remove the # <<< symbol

    Port 922
    Protocol 2
    ListenAddress IP# of your server
    #ListenAddress ::

    Port number change so no one knows the common port
    besure to edit your firewall to reflect that port number or you ll lock your self out

    Protocal 2 is more secure

    listen address is so no one is connecting to every IP# you have on your box



    if you cant or dont know how to do this..then get someone to help you
    secure your box :)

    OCX
     
  3. dm12dm

    dm12dm Registered

    Joined:
    Jan 27, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks, However I have allready done those things. I was more wondering if the activity I mentioed above indicated any problems.

    Perhaps I should look into checking SSH logins. I allready have email notification when someone logs in as root. Is there any way view all SSH login attempts?
     
Loading...

Share This Page