Code:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13427 jafarian 20 0 2319732 72848 1656 S 2922 0.1 1293:00 sh
Code:
[root@rocks7 ~]# cat /proc/13427/cmdline
ntpd[root@rocks7 ~]#
I even killed all user processes, but I still see it on the system. It is really bothering me... Why is ntpd being run by a non-admin user?
The ntpd entries in /var/log/messages show nothing suspicious.
Code:
[root@rocks7 ~]# cat /var/log/messages | grep ntpd
Sep 24 14:23:00 rocks7 ntpd[32277]: ntpd 4.2.6p5@1.2349-o Wed Apr 12 21:24:06 UTC 2017 (1)
Sep 24 14:23:00 rocks7 ntpd[32280]: proto: precision = 0.160 usec
Sep 24 14:23:00 rocks7 ntpd[32280]: 0.0.0.0 c01d 0d kern kernel time sync enabled
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen and drop on 1 v6wildcard :: UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 2 lo 127.0.0.1 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 3 enp3s0 10.1.1.1 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 4 enp2s0f0 172.20.54.10 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 5 virbr0 192.168.122.1 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 6 lo ::1 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 7 enp2s0f0 fe80::2e0:81ff:fec6:d534 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listen normally on 8 enp3s0 fe80::2e0:81ff:fec6:d701 UDP 123
Sep 24 14:23:00 rocks7 ntpd[32280]: Listening on routing socket on fd #25 for interface updates
Sep 24 14:23:02 rocks7 ntpd[32280]: 0.0.0.0 c016 06 restart
Sep 24 14:23:02 rocks7 ntpd[32280]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Sep 24 14:23:02 rocks7 ntpd[32280]: 0.0.0.0 c011 01 freq_not_set
Sep 24 14:23:08 rocks7 ntpd[32280]: 0.0.0.0 c614 04 freq_mode
Sep 24 14:41:15 rocks7 ntpd[32280]: 0.0.0.0 0612 02 freq_set kernel -28.500 PPM
Sep 24 14:41:15 rocks7 ntpd[32280]: 0.0.0.0 0615 05 clock_sync
Code:
[root@rocks7 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-09-24 14:23:00 +0330; 9h ago
Process: 32277 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 32280 (ntpd)
CGroup: /system.slice/ntpd.service
└─32280 /usr/sbin/ntpd -u ntp:ntp -g
Sep 24 14:23:00 rocks7.jupiterclusterscu.com ntpd[32280]: Listen normally on 7 enp2s0f0 fe80::2...23
Sep 24 14:23:00 rocks7.jupiterclusterscu.com ntpd[32280]: Listen normally on 8 enp3s0 fe80::2e0...23
Sep 24 14:23:00 rocks7.jupiterclusterscu.com ntpd[32280]: Listening on routing socket on fd #25...es
Sep 24 14:23:00 rocks7.jupiterclusterscu.com systemd[1]: Started Network Time Service.
Sep 24 14:23:02 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 c016 06 restart
Sep 24 14:23:02 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Sep 24 14:23:02 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 c011 01 freq_not_set
Sep 24 14:23:08 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 c614 04 freq_mode
Sep 24 14:41:15 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 0612 02 freq_set kernel -28.5...PM
Sep 24 14:41:15 rocks7.jupiterclusterscu.com ntpd[32280]: 0.0.0.0 0615 05 clock_sync
Hint: Some lines were ellipsized, use -l to show in full.
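
A check that fits the output above, as an added example that is not part of the original post: top reports PID 13427 as `sh` while its cmdline reads `ntpd`, and the service ntpd is PID 32280 running `/usr/sbin/ntpd -u ntp:ntp`. The function compares a PID's comm, argv[0], exe link and real UID against the expected binary and owner; `check_claim` and `PROC_ROOT` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. check_claim and PROC_ROOT are
# hypothetical names; PROC_ROOT lets the check run against a copied or
# constructed tree instead of the live /proc.
# Usage on a live host: check_claim 13427 /usr/sbin/ntpd "$(id -u ntp)"
# Returns 0 = consistent, 1 = at least one mismatch, 2 = PID not found.
check_claim() {
    pid=$1; want_exe=$2; want_uid=$3
    dir="${PROC_ROOT:-/proc}/$pid"
    [ -d "$dir" ] || { echo "pid $pid: not found"; return 2; }

    # comm: the short name top shows in the COMMAND column
    comm=$(cat "$dir/comm" 2>/dev/null) || comm=''
    # cmdline: NUL-separated argv as the process presents it; keep argv[0]
    argv0=$(tr '\0' '\n' 2>/dev/null < "$dir/cmdline" | head -n 1) || argv0=''
    # exe: symlink to the binary that is actually executing
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=''
    # first field after "Uid:" is the real UID
    uid=$(awk '/^Uid:/ {print $2}' "$dir/status" 2>/dev/null) || uid=''

    rc=0
    [ "$exe" = "$want_exe" ] ||
        { echo "pid $pid: exe '${exe:-unreadable}', expected '$want_exe'"; rc=1; }
    [ "$uid" = "$want_uid" ] ||
        { echo "pid $pid: uid '$uid', expected '$want_uid'"; rc=1; }
    # A mismatch here is a hint, not proof: scripts started through an
    # interpreter also show a comm that differs from argv[0].
    [ "$comm" = "${argv0##*/}" ] ||
        { echo "pid $pid: comm '$comm' differs from argv[0] '$argv0'"; rc=1; }
    case $exe in
        *' (deleted)') echo "pid $pid: binary was deleted from disk after start"; rc=1 ;;
    esac
    return $rc
}
```

Run it as root so the exe link of another user's process is readable; a non-zero return means the process should be inspected further (open files, parent, network sockets) before it is killed.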