[Cialug] Pi processes
Adam Hill
adam at diginc.us
Mon Feb 29 13:20:06 CST 2016
Nothing looks odd to me either, but I feel his approach to security hygiene
could use some 101 level questions instead of just giving an 'all clear' to
a proc list.
- Did he fresh install the OS on the pi after it entered his
possession? If no, go and do so.
- Did he verify checksums of his downloaded Raspbian/OS image of
choice? If yes, good. He can always go back and check the image if he
kept the download.
- Is there a certain application he thinks may have tainted his pi? If
yes, LMGTFY to see if it is secure/audited or go back to a fresh image and
don't reinstall it.
Piggybacking even more on the pi discussion, pi-hole <https://pi-hole.net/>
(DNSMasq based advertisement black-hole) is a great recommendation for
people looking for a project to use their idle pis for. It can be a little
too aggressive at times and breaks some sites for me; they're always
working on tweaking/perfecting the blacklists/whitelists they use though.
You just might want to trial it on limited devices before applying it to
your entire network.
On Mon, Feb 29, 2016 at 12:24 PM Jeffrey Ollie <jeff at ocjtech.us> wrote:
> Everything looked legit to me. The "processes" in square brackets are
> actually kernel threads so there's not much you can do about them. Not
> much else is running other than what I'd consider "baseline" services,
> although there's probably a little bit of fat that could be trimmed.
>
> On Mon, Feb 29, 2016 at 12:09 PM, Todd Pierce <toddcpierce at gmail.com>
> wrote:
>
> > Hi all,
> >
> > As long as you're discussing RPis, I figured I'd post the process list of
> > my friend's Pi. He's totally OCD and wanted me to check if everything
> > running was legitimate, even though the thing seems perfectly healthy.
> > Quite honestly, I have no idea what should or shouldn't be running on a
> > Pi.
> >
> > I pasted it below in case anybody is interested in checking it.
> >
> > Thanks,
> >
> > -Todd
> >
> >
> > UID PID PPID C STIME TTY TIME CMD
> > root 1 0 0 Feb23 ? 00:00:02 init [2]
> > root 2 0 0 Feb23 ? 00:00:00 [kthreadd]
> > root 3 2 0 Feb23 ? 00:00:00 [ksoftirqd/0]
> > root 5 2 0 Feb23 ? 00:00:00 [kworker/0:0H]
> > root 6 2 0 Feb23 ? 00:00:01 [kworker/u8:0]
> > root 7 2 0 Feb23 ? 00:00:03 [rcu_preempt]
> > root 8 2 0 Feb23 ? 00:00:00 [rcu_sched]
> > root 9 2 0 Feb23 ? 00:00:00 [rcu_bh]
> > root 10 2 0 Feb23 ? 00:00:00 [migration/0]
> > root 11 2 0 Feb23 ? 00:00:00 [migration/1]
> > root 12 2 0 Feb23 ? 00:00:00 [ksoftirqd/1]
> > root 14 2 0 Feb23 ? 00:00:00 [kworker/1:0H]
> > root 15 2 0 Feb23 ? 00:00:00 [migration/2]
> > root 16 2 0 Feb23 ? 00:00:00 [ksoftirqd/2]
> > root 18 2 0 Feb23 ? 00:00:00 [kworker/2:0H]
> > root 19 2 0 Feb23 ? 00:00:00 [migration/3]
> > root 20 2 0 Feb23 ? 00:00:00 [ksoftirqd/3]
> > root 22 2 0 Feb23 ? 00:00:00 [kworker/3:0H]
> > root 23 2 0 Feb23 ? 00:00:00 [khelper]
> > root 24 2 0 Feb23 ? 00:00:00 [kdevtmpfs]
> > root 25 2 0 Feb23 ? 00:00:00 [netns]
> > root 26 2 0 Feb23 ? 00:00:00 [perf]
> > root 27 2 0 Feb23 ? 00:00:00 [khungtaskd]
> > root 28 2 0 Feb23 ? 00:00:00 [writeback]
> > root 29 2 0 Feb23 ? 00:00:00 [crypto]
> > root 30 2 0 Feb23 ? 00:00:00 [bioset]
> > root 31 2 0 Feb23 ? 00:00:00 [kblockd]
> > root 33 2 0 Feb23 ? 00:00:00 [rpciod]
> > root 34 2 0 Feb23 ? 00:00:00 [kswapd0]
> > root 35 2 0 Feb23 ? 00:00:00 [fsnotify_mark]
> > root 36 2 0 Feb23 ? 00:00:00 [nfsiod]
> > root 42 2 0 Feb23 ? 00:00:00 [kthrotld]
> > root 43 2 0 Feb23 ? 00:00:27 [VCHIQ-0]
> > root 44 2 0 Feb23 ? 00:00:11 [VCHIQr-0]
> > root 45 2 0 Feb23 ? 00:00:00 [VCHIQs-0]
> > root 46 2 0 Feb23 ? 00:00:00 [iscsi_eh]
> > root 47 2 0 Feb23 ? 00:00:00 [dwc_otg]
> > root 48 2 0 Feb23 ? 00:00:00 [DWC Notificatio]
> > root 52 2 0 Feb23 ? 00:00:02 [mmcqd/0]
> > root 53 2 0 Feb23 ? 00:00:00 [VCHIQka-0]
> > root 54 2 0 Feb23 ? 00:00:00 [SMIO]
> > root 55 2 0 Feb23 ? 00:00:00 [deferwq]
> > root 57 2 0 Feb23 ? 00:00:00 [jbd2/mmcblk0p6-]
> > root 58 2 0 Feb23 ? 00:00:00 [ext4-rsv-conver]
> > root 175 1 0 Feb23 ? 00:00:00 udevd --daemon
> > root 309 175 0 Feb23 ? 00:00:00 udevd --daemon
> > root 332 2 0 Feb23 ? 00:00:00 [spi0]
> > root 1088 2 0 Feb23 ? 00:00:17 [kworker/0:1H]
> > root 1599 1 0 Feb23 ? 00:00:04 /usr/sbin/ifplugd -i lo
> > -q -f -u0 -d10 -w -I
> > root 1605 1 0 Feb23 ? 00:00:40 /usr/sbin/ifplugd -i eth0
> > -q -f -u0 -d10 -w -I
> > root 1987 175 0 Feb23 ? 00:00:00 udevd --daemon
> > nobody 2000 1 0 Feb23 ? 00:00:12 /usr/sbin/thd --daemon
> > --triggers /etc/triggerhappy/triggers.d/ --socket /var/run/thd.socket
> > --pidfile /var/run/thd.pid --user nobody /dev/input/event0
> > /dev/input/event1 /dev/input/event2 /dev/input/event3
> > root 2010 2 0 Feb23 ? 00:00:00 [cfg80211]
> > root 2017 1 0 Feb23 ? 00:00:00 /usr/sbin/rsyslogd -c5
> > root 2139 1 0 Feb23 ? 00:00:00 /sbin/dhcpcd
> > root 2175 1 0 Feb23 ? 00:00:00 /usr/sbin/cron
> > ntp 2184 1 0 Feb23 ? 00:00:04 /usr/sbin/ntpd -p
> > /var/run/ntpd.pid -g -u 104:107
> > root 2210 2184 0 Feb23 ? 00:00:00 /usr/sbin/ntpd -p
> > /var/run/ntpd.pid -g -u 104:107
> > 102 2225 1 0 Feb23 ? 00:00:00 /usr/bin/dbus-daemon
> > --system
> > root 2239 1 0 Feb23 ? 00:00:00 /usr/sbin/sshd
> > root 2278 1 0 Feb23 ? 00:00:00 /usr/sbin/bluetoothd
> > avahi 2281 1 0 Feb23 ? 00:00:00 avahi-daemon: running
> > [raspberrypi.local]
> > avahi 2282 2281 0 Feb23 ? 00:00:00 avahi-daemon: chroot helper
> > root 2304 2 0 Feb23 ? 00:00:00 [krfcommd]
> > root 2342 1 0 Feb23 tty2 00:00:00 /sbin/getty 38400 tty2
> > root 2343 1 0 Feb23 tty3 00:00:00 /sbin/getty 38400 tty3
> > root 2344 1 0 Feb23 tty4 00:00:00 /sbin/getty 38400 tty4
> > root 2345 1 0 Feb23 tty5 00:00:00 /sbin/getty 38400 tty5
> > root 2346 1 0 Feb23 tty6 00:00:00 /sbin/getty 38400 tty6
> > root 2415 1 0 Feb23 ? 00:00:00
> > /usr/sbin/console-kit-daemon --no-daemon
> > root 2482 1 0 Feb23 ? 00:00:00
> > /usr/lib/policykit-1/polkitd --no-debug
> > root 2497 2 0 Feb23 ? 00:00:02 [kworker/3:1H]
> > root 2526 1 0 Feb23 ? 00:00:00
> > /usr/lib/udisks/udisks-daemon
> > root 2527 2526 0 Feb23 ? 00:00:00 udisks-daemon: not polling
> > any devices
> > root 2550 2 0 Feb23 ? 00:00:00 [jbd2/mmcblk0p3-]
> > root 2551 2 0 Feb23 ? 00:00:00 [ext4-rsv-conver]
> > root 2565 2 0 Feb23 ? 00:00:04 [kworker/1:1H]
> > pi 2581 1 0 Feb23 ? 00:00:04 /usr/bin/knotify4
> > root 2584 1 0 Feb23 ? 00:00:00 /usr/lib/upower/upowerd
> > root 2692 2 0 Feb23 ? 00:00:02 [kworker/u8:1]
> > root 3058 2 0 09:25 ? 00:00:03 [kworker/2:1H]
> > root 3143 2 0 10:38 ? 00:00:02 [kworker/1:2]
> > root 3163 1 0 11:08 tty1 00:00:00 /bin/login --
> > pi 3185 3163 0 12:45 tty1 00:00:00 -bash
> > root 3385 2 0 12:50 ? 00:00:01 [kworker/0:2]
> > root 3554 2 0 13:34 ? 00:00:00 [kworker/3:2]
> > root 3699 2 0 13:50 ? 00:00:00 [kworker/2:0]
> > root 3742 2 0 14:08 ? 00:00:00 [kworker/0:1]
> > root 3760 2 0 14:11 ? 00:00:00 [kworker/2:2]
> > root 3761 2 0 14:11 ? 00:00:00 [kworker/1:1]
> > root 3762 2 0 14:11 ? 00:00:00 [kworker/3:0]
> > pi 3776 3185 0 14:19 tty1 00:00:00 ps -ef
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>
>
>
> --
> Jeff Ollie
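
The observation in the thread that bracketed entries in the `ps -ef` listing are kernel threads can be checked mechanically: on Linux a kernel thread is `kthreadd` (PID 2, PPID 0) or one of its children (PPID 2). The following is an added example, not part of the original thread; it goes slightly beyond the visual check by sorting bracketed entries with any other parent into a separate bucket. The sample rows are copied from the listing above except PID 4242, which is constructed, and the function names are hypothetical.

```python
"""Triage `ps -ef` output: kernel threads vs. userland vs. entries to review."""

KTHREADD_PID = 2  # on Linux, kernel threads are children of kthreadd (PID 2)

# Rows copied from the process list on this page, plus one CONSTRUCTED row
# (PID 4242) that is not in the original listing.
SAMPLE = """\
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Feb23 ?        00:00:02 init [2]
root         2     0  0 Feb23 ?        00:00:00 [kthreadd]
root         3     2  0 Feb23 ?        00:00:00 [ksoftirqd/0]
root        48     2  0 Feb23 ?        00:00:00 [DWC Notificatio]
root      2239     1  0 Feb23 ?        00:00:00 /usr/sbin/sshd
avahi     2281     1  0 Feb23 ?        00:00:00 avahi-daemon: running [raspberrypi.local]
pi        4242     1  0 14:20 ?        00:00:00 [kworker/9:9]
"""


def parse_ps_ef(text):
    """Yield (uid, pid, ppid, cmd) for each process row of `ps -ef` output."""
    for line in text.splitlines():
        fields = line.split(None, 7)  # CMD is the 8th column and may contain spaces
        if len(fields) < 8 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue  # header, blank line, or a mail-wrapped continuation line
        yield fields[0], int(fields[1]), int(fields[2]), fields[7].strip()


def classify(pid, ppid, cmd):
    """Return 'kernel-thread', 'userland' or 'review' for one process row."""
    if not (cmd.startswith("[") and cmd.endswith("]")):
        return "userland"  # e.g. "init [2]" only ends with a bracket
    if ppid == KTHREADD_PID or (pid == KTHREADD_PID and ppid == 0):
        return "kernel-thread"
    return "review"  # bracketed name, but not parented by kthreadd


def triage(text):
    """Group (pid, uid, cmd) tuples by classification."""
    result = {"kernel-thread": [], "userland": [], "review": []}
    for uid, pid, ppid, cmd in parse_ps_ef(text):
        result[classify(pid, ppid, cmd)].append((pid, uid, cmd))
    return result


if __name__ == "__main__":
    for label, rows in triage(SAMPLE).items():
        for pid, uid, cmd in rows:
            print(f"{label:13} {pid:>5} {uid:8} {cmd}")
```

An entry in the `review` bucket is a prompt for a closer look rather than a verdict: `ps` also prints a name in brackets whenever it cannot read a process's arguments. Rows whose command was wrapped onto the next line by the mail client are skipped by the parser, so run it against fresh `ps -ef` output where possible.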