Analyse the process IDs and check their legitimacy

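 # Flag processes whose reported name does not match the binary they are running.
 # ps shows argv[0], which the process itself controls; /proc/<pid>/exe is the
 # kernel's record of the executable that was actually loaded.
 #
 # Run as root: the exe links of other users' processes cannot be read otherwise,
 # and those PIDs are skipped silently.
 #
 # A hit is a lead, not a verdict. Shells reached through a symlink (sh -> dash),
 # scripts started by an interpreter and daemons that rewrite their process title
 # all show up here and have to be ruled out by hand.
 #
 # One ps snapshot is taken and each PID is looked up directly, instead of
 # re-running ps and grepping for " <pid> " (which also matched the same number
 # in other columns or in another process's arguments).
 ps -eo pid=,args= | while read -r pid service _; do
   # Exclusions kept from the original one-liner; replace with your own
   # known-good list.
   case $service in
     *nimbus* | *delloma*) continue ;;
   esac

   # Bracketed names are not filtered out up front: real kernel threads have no
   # exe link, so readlink fails and they are skipped here, while a bracketed
   # name that does resolve to a binary is reported below. Processes that
   # exited since the snapshot, or that we may not inspect, are skipped too.
   exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || continue

   # Drop '-' and ':' so "-bash" (login shell) and "sshd:" compare equal to
   # their binaries; dashes are dropped on the exe side as well to match.
   want=$(printf '%s' "$service" | tr -d ':-')
   have=$(printf '%s' "$exe" | tr -d '-')
   [ -n "$want" ] || continue

   # Literal substring test (the original passed the name to grep unquoted, as
   # a regular expression).
   case $have in
     *"$want"*) ;;
     *) echo "$pid should be $want but it is actually $exe" ;;
   esac

   # The kernel appends " (deleted)" when the on-disk file has been unlinked.
   # Also seen after package upgrades, so check the path and the start time.
   case $exe in
     *' (deleted)') echo "$pid ($want) is running from a deleted binary: $exe" ;;
   esac
 done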

Check the netstat detail

# Count sockets per owning program, busiest first. Column 7 of `netstat -np` is
# "PID/Program name"; only the part after the slash is kept, so all PIDs of the
# same program are added together.
# Run as root: otherwise netstat prints "-" for sockets owned by other users.
# Header rows and "-" entries have no slash in column 7 and are counted under a
# blank name; UNIX-socket rows use a different column layout, so they are not
# reliably attributed to a program.
netstat -np \
  | awk '{ split($7, owner, "/"); seen[owner[2]]++ }
         END { for (prog in seen) print seen[prog], prog }' \
  | sort -nr

Full process list and commands

# a/x: every process, with or without a terminal; u: user-oriented columns;
# f: draw the parent/child tree; www: never truncate the command line.
# The tree shows which parent started each process.
ps auxfwww
