ps aux
Code:
root 1 0.0 0.2 1920 532 ? Ss May26 0:00 /sbin/init
root 2 0.0 0.0 0 0 ? S May26 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN May26 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< May26 0:00 [events/0]
root 5 0.0 0.0 0 0 ? S< May26 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< May26 0:00 [kthread]
root 7 0.0 0.0 0 0 ? S< May26 0:00 [xenwatch]
root 8 0.0 0.0 0 0 ? S< May26 0:00 [xenbus]
root 14 0.0 0.0 0 0 ? S< May26 0:00 [kblockd/0]
root 16 0.0 0.0 0 0 ? S< May26 0:00 [kseriod]
root 59 0.0 0.0 0 0 ? S< May26 0:00 [kswapd0]
root 60 0.0 0.0 0 0 ? S< May26 0:00 [aio/0]
root 61 0.0 0.0 0 0 ? S< May26 0:00 [xfslogd/0]
root 62 0.0 0.0 0 0 ? S< May26 0:00 [xfsdatad/0]
root 202 0.0 0.0 0 0 ? S< May26 0:00 [kjournald]
root 347 0.0 0.1 2236 348 ? S<s May26 0:00 /sbin/udevd --daemon
syslog 1119 0.0 0.2 1952 616 ? Ss May26 0:00 /sbin/syslogd -a /var/lib/named/dev/log -u syslog
root 1140 0.0 0.1 1888 420 ? S May26 0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog 1142 0.0 0.1 2152 384 ? Ss May26 0:00 /sbin/klogd -P /var/run/klogd/kmsg
ntp 1173 0.0 0.3 4136 912 ? Ss May26 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 110:112 -g
root 1222 0.0 1.3 6888 3440 ? Ss May26 0:01 /usr/sbin/openvpn --writepid /var/run/openvpn.server.pid --daemon ovpn-server --cd /etc/open
root 1241 0.0 0.2 5328 632 ? Ss May26 0:00 /usr/sbin/sshd
root 1302 0.0 0.4 2784 1068 ? S May26 0:00 /bin/sh /usr/bin/mysqld_safe
mysql 1344 0.0 4.0 130572 10496 ? Sl May26 0:06 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/my
root 1346 0.0 0.1 1712 472 ? S May26 0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld
root 1413 0.0 0.1 1920 356 ? S May26 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier
root 1414 0.0 0.1 2084 456 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1439 0.0 0.1 1920 284 ? S May26 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/courier
root 1440 0.0 0.1 2024 464 ? S May26 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /
root 1461 0.0 0.1 1920 284 ? S May26 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin
root 1462 0.0 0.1 2020 464 ? S May26 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /
root 1466 0.0 0.2 2300 588 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1467 0.0 0.2 2300 588 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1468 0.0 0.2 2300 588 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1469 0.0 0.2 2300 588 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1470 0.0 0.2 2300 556 ? S May26 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 1482 0.0 0.1 1920 428 ? S May26 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d.pid -start -name=pop3d /usr/sbin/courier
root 1483 0.0 0.2 2024 540 ? S May26 0:00 /usr/sbin/couriertcpd -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup -address=0 110 /u
root 1504 0.0 0.1 1920 284 ? S May26 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d-ssl.pid -start -name=pop3d-ssl /usr/sbin
root 1505 0.0 0.1 2024 464 ? S May26 0:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup 995 /u
ossecm 1539 0.0 0.5 3068 1416 ? S May26 0:00 /var/ossec/bin/ossec-maild
root 1543 0.0 0.1 1992 388 ? S May26 0:00 /var/ossec/bin/ossec-execd
ossec 1547 0.0 0.8 13124 2184 ? Sl May26 0:02 /var/ossec/bin/ossec-analysisd
root 1552 0.0 0.1 1864 432 ? S May26 0:00 /var/ossec/bin/ossec-logcollector
root 1556 0.0 0.3 2064 892 ? S May26 0:23 /var/ossec/bin/ossec-syscheckd
ossec 1560 0.0 0.2 2048 612 ? S May26 0:00 /var/ossec/bin/ossec-monitord
root 1693 0.0 0.1 7880 368 ? Ss May26 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 1694 0.0 0.2 9036 776 ? S May26 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 1695 0.0 0.0 7880 32 ? S May26 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 1699 0.0 0.0 7880 164 ? S May26 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 1700 0.0 0.0 7880 108 ? S May26 0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root 1847 0.0 0.2 2116 748 ? Ss May26 0:00 /usr/sbin/cron
root 1927 0.0 1.0 6920 2772 ? Ss May26 0:00 /usr/sbin/munin-node
root 2105 0.0 0.3 14488 928 ? Ss May26 0:00 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 2106 0.0 0.4 2812 1188 ? S May26 0:00 /bin/bash /root/ispconfig/sv/ispconfig_wconf
2003 2115 0.0 0.2 15176 616 ? S May26 0:00 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
bind 2454 0.0 0.9 37560 2388 ? Ssl May26 0:00 /usr/sbin/named -u bind -t /var/lib/named
2003 2494 0.0 0.3 2924 1028 ? Ss May26 0:00 /home/admispconfig/ispconfig/tools/clamav/bin/freshclam -d -c 10 --datadir=/home/admispconfi
root 2500 0.0 0.5 28996 1440 ? Sl May26 0:01 /usr/sbin/monit -d 60 -c /etc/monit/monitrc -s /var/lib/monit/monit.state
root 2529 0.0 0.1 1728 432 tty1 Ss+ May26 0:00 /sbin/getty 38400 tty1
2003 5231 0.0 0.2 14956 624 ? S May26 0:00 /root/ispconfig/httpd/bin/ispconfig_httpd -DSSL
root 8644 0.0 1.3 43740 3484 ? Ss May26 0:00 /usr/sbin/apache2 -k start
root 8645 0.0 0.1 1772 472 ? S May26 0:00 /root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispcon
root 12779 0.0 0.0 0 0 ? S May26 0:00 [pdflush]
root 21936 0.0 0.0 0 0 ? S May26 0:00 [pdflush]
root 19752 0.0 0.1 49284 388 ? Ssl May26 0:00 /usr/sbin/freeradius
www-data 31679 0.0 5.2 49480 13692 ? S May27 0:07 /usr/sbin/apache2 -k start
snort 11205 0.0 23.1 185124 60716 ? Ssl May27 0:07 /usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S
www-data 16886 0.0 6.0 49728 15968 ? S May27 0:07 /usr/sbin/apache2 -k start
www-data 22669 0.0 4.3 45520 11308 ? S May27 0:05 /usr/sbin/apache2 -k start
www-data 22671 0.0 5.6 48868 14928 ? S May27 0:05 /usr/sbin/apache2 -k start
www-data 19323 0.0 6.0 49696 15900 ? S May27 0:02 /usr/sbin/apache2 -k start
www-data 19324 0.0 5.6 49092 14856 ? S May27 0:02 /usr/sbin/apache2 -k start
www-data 20521 0.0 5.7 48860 15164 ? S May27 0:03 /usr/sbin/apache2 -k start
www-data 9852 0.0 4.0 44812 10716 ? S May27 0:01 /usr/sbin/apache2 -k start
proftpd 9980 0.0 0.6 9836 1612 ? Ss May27 0:00 proftpd: (accepting connections)
root 10051 0.0 0.6 5408 1760 ? Ss May27 0:00 /usr/lib/postfix/master
postfix 10063 0.0 0.6 5460 1804 ? S May27 0:00 qmgr -l -t fifo -u
postfix 10115 0.0 0.9 5784 2464 ? S May27 0:00 tlsmgr -l -t unix -u -c
www-data 18903 0.0 4.2 45500 11176 ? S 01:06 0:01 /usr/sbin/apache2 -k start
postfix 12245 0.0 0.6 5420 1712 ? S 04:44 0:00 pickup -l -t fifo -u -c
www-data 14595 0.0 3.7 44576 9788 ? S 05:00 0:00 /usr/sbin/apache2 -k start
postfix 17060 0.0 1.2 6448 3252 ? S 05:21 0:00 smtpd -n smtp -t inet -u -c -o stress -s 2
root 19551 0.0 1.4 11364 3716 ? Ss 05:43 0:00 sshd: root@pts/0
root 19555 0.0 0.6 2920 1628 pts/0 Ss 05:43 0:00 -bash
proftpd 19567 0.0 0.8 9836 2200 ? S 05:43 0:00 proftpd: (accepting connections)
root 19571 0.0 0.2 1864 532 ? S 05:44 0:00 sleep 10
root 19572 0.0 0.3 2380 920 pts/0 R+ 05:44 0:00 ps aux
crontab -l
Code:
30 00 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/logs.php &> /dev/null
59 23 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/ftp_logs.php &> /dev/null
59 23 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/mail_logs.php &> /dev/null
59 23 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/cleanup.php &> /dev/null
0 4 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/webalizer.php &> /dev/null
0,30 * * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/check_services.php &> /dev/null
15 3,15 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/quota_msg.php &> /dev/null
40 00 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/traffic.php &> /dev/null
05 02 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/backup.php &> /dev/null
0 4 * * * /root/ispconfig/php/php /root/ispconfig/scripts/shell/awstats.php &> /dev/null
BTW, the behavior persists after rebooting.
Could something else be updating hosts.deny: OSSEC, Prelude, Snort or Prewikka, perhaps?