
#1 2014-07-11 20:41:44

sakishrist
Member
Registered: 2012-03-04
Posts: 42

[SOLVED] Weird processes

Hello *,

I came across some weird processes on a fresh install. There are many processes that I do not recognize and they seem fishy.

root         2  0.0  0.0      0     0 ?        S    18:28   0:00 [kthreadd]
root         3  2.2  0.0      0     0 ?        S    18:28   6:29  \_ [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/0:0H]
root         6  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kworker/u4:0]
root         7  0.7  0.0      0     0 ?        S    18:28   2:01  \_ [rcu_preempt]
root         8  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [rcu_sched]
root         9  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [rcu_bh]
root        10  0.0  0.0      0     0 ?        S    18:28   0:01  \_ [migration/0]
root        11  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [watchdog/0]
root        12  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [watchdog/1]
root        13  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [migration/1]
root        14 15.3  0.0      0     0 ?        S    18:28  43:45  \_ [ksoftirqd/1]
root        16  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/1:0H]
root        17  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [khelper]
root        18  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kdevtmpfs]
root        19  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [netns]
root        20  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [khungtaskd]
root        21  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [writeback]
root        22  0.0  0.0      0     0 ?        SN   18:28   0:00  \_ [ksmd]
root        23  0.0  0.0      0     0 ?        SN   18:28   0:00  \_ [khugepaged]
root        24  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [bioset]
root        26  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [crypto]
root        27  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kblockd]
root        30  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kswapd0]
root        31  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [fsnotify_mark]
root        35  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kthrotld]
root        36  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ipv6_addrconf]
root        37  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [deferwq]
root        38  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kworker/u4:1]
root        63  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [khubd]
root        64  0.0  0.0      0     0 ?        S    18:28   0:04  \_ [vballoon]
root        65  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ata_sff]
root        66  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [scsi_eh_0]
root        67  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [scsi_tmf_0]
root        68  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [scsi_eh_1]
root        69  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [scsi_tmf_1]
root        77  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/0:1H]
root        82  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/1:1H]
root        90  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [jbd2/sda1-8]
root        91  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ext4-rsv-conver]
root       159  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kpsmoused]
root       164  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ttm_swap]
root     21979  0.1  0.0      0     0 ?        S    21:42   0:09  \_ [kworker/1:0]
root      9958  0.0  0.0      0     0 ?        S    22:05   0:00  \_ [kworker/0:2]
root     18154  0.0  0.0      0     0 ?        S    22:14   0:00  \_ [kworker/0:0]
root     26667  0.0  0.0      0     0 ?        S    23:02   0:00  \_ [kworker/1:2]
root       499  0.0  0.0      0     0 ?        S    23:09   0:00  \_ [kworker/0:1]
root      3011  0.0  0.0      0     0 ?        S    23:12   0:00  \_ [kworker/1:1]
root         1  0.0  0.1  33868  4148 ?        Ss   18:28   0:02 /sbin/init
root       115  0.0  0.1  28304  7036 ?        Ss   18:28   0:01 /usr/lib/systemd/systemd-journald
root       133  0.0  0.0  32168  3060 ?        Ss   18:28   0:00 /usr/lib/systemd/systemd-udevd
root       140  0.0  0.0  15312  2444 ?        Ss   18:28   0:00 /usr/lib/systemd/systemd-logind
dbus       142  0.0  0.0  24828  2724 ?        Ss   18:28   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       162  0.0  0.0   8156  1644 tty1     Ss+  18:28   0:00 /sbin/agetty --noclear tty1 linux
root       269  0.0  0.0   4448  1440 ?        Ss   18:28   0:00 dhcpcd -4 -q -t 30 -L ens18
root       316  0.0  0.0  24468  3372 ?        Ss   18:43   0:00 /usr/lib/systemd/systemd --user
root       318  0.0  0.0  83552  1636 ?        S    18:43   0:00  \_ (sd-pam)
root       686  0.0  0.0 134912   680 ?        Ss   18:45   0:00 /tmp/.sshdd1405093530
root       691  0.0  0.0 134912   680 ?        S    18:45   0:02  \_ /tmp/.sshdd1405093530
root       692  0.1  0.0 134912   680 ?        S    18:45   0:17      \_ /tmp/.sshdd1405093530
root       693  0.0  0.0 134912   680 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       694  0.0  0.0 134912   680 ?        S    18:45   0:11      \_ /tmp/.sshdd1405093530
root      4462  0.0  0.0  11876  2536 ?        S    23:14   0:00      |   \_ sh -c top -bn 1 | grep Cpu | cut -d "," -f 1 | cut -d ":" -f 2
root      4464  0.0  0.0  13668  2164 ?        S    23:14   0:00      |       \_ top -bn 1
root      4465  0.0  0.0   9000   828 ?        S    23:14   0:00      |       \_ grep Cpu
root      4466  0.0  0.0   4240   620 ?        S    23:14   0:00      |       \_ cut -d , -f 1
root      4467  0.0  0.0   4240   656 ?        S    23:14   0:00      |       \_ cut -d : -f 2
root       695  0.0  0.0 134912   680 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       688  0.0  0.0 938124  2248 ?        Ss   18:45   0:00 /tmp/.sshdd1405093530
root       701  0.0  0.0 938124  2248 ?        S    18:45   0:03  \_ /tmp/.sshdd1405093530
root       702  0.2  0.0 938124  2248 ?        S    18:45   0:47      \_ /tmp/.sshdd1405093530
root      4468  0.0  0.0   1584     4 ?        S    23:14   0:00      |   \_ ps -ef
root       706  0.0  0.0 938124  2248 ?        S    18:45   0:01      \_ /tmp/.sshdd1405093530
root       709  0.2  0.0 938124  2248 ?        S    18:45   0:42      \_ /tmp/.sshdd1405093530
root       710  0.0  0.0 938124  2248 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       823  0.1  0.0   2812   632 ?        Ss   18:45   0:16 /etc/.SSH2
root     14939  0.0  0.0  20040   976 ?        Ss   19:01   0:00 /etc/nhgbhhj
root     15288  0.0  0.0  20040   976 ?        S    19:01   0:03  \_ /etc/nhgbhhj
root     15289  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15290  0.0  0.0  20040   976 ?        S    19:01   0:11      \_ /etc/nhgbhhj
root     15291  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15292  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15293  0.0  0.0  20040   976 ?        S    19:01   0:02      \_ /etc/nhgbhhj
root     15294  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15295  0.0  0.0  20040   976 ?        S    19:01   0:03      \_ /etc/nhgbhhj
root      3377  0.0  0.0  20040   976 ?        S    23:12   0:00      \_ /etc/nhgbhhj
root      3378 99.4  0.0  20040   976 ?        R    23:12   1:11      \_ /etc/nhgbhhj
root     25846  0.0  0.1  82852  6336 ?        Ss   22:24   0:00 sshd: root@pts/0
root     26715  0.0  0.0  16060  3724 pts/0    Ss+  22:25   0:00  \_ -bash
root      8807  0.0  0.1  82852  6240 ?        Ss   22:41   0:00 sshd: root@pts/1
root      9189  0.0  0.0  16060  3752 pts/1    Ss   22:42   0:00  \_ -bash
root      4461  0.0  0.0   1584     4 pts/1    S+   23:14   0:00      \_ ps auxf
root      4463  0.0  0.0  27000  2940 pts/1    R+   23:14   0:00          \_ /usr/bin/dpkgd/ps auxf

As can be seen, /tmp/.sshdd1405093530 executes some weird stuff and that changes all the time:

[root@mc-arch ~]# ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         2  0.0  0.0      0     0 ?        S    18:28   0:00 [kthreadd]
root         3  2.2  0.0      0     0 ?        S    18:28   6:29  \_ [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/0:0H]
root         6  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kworker/u4:0]
root         7  0.7  0.0      0     0 ?        S    18:28   2:06  \_ [rcu_preempt]
root         8  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [rcu_sched]
root         9  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [rcu_bh]
root        10  0.0  0.0      0     0 ?        S    18:28   0:01  \_ [migration/0]
root        11  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [watchdog/0]
root        12  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [watchdog/1]
root        13  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [migration/1]
root        14 15.1  0.0      0     0 ?        S    18:28  44:24  \_ [ksoftirqd/1]
root        16  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/1:0H]
root        17  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [khelper]
root        18  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kdevtmpfs]
root        19  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [netns]
root        20  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [khungtaskd]
root        21  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [writeback]
root        22  0.0  0.0      0     0 ?        SN   18:28   0:00  \_ [ksmd]
root        23  0.0  0.0      0     0 ?        SN   18:28   0:00  \_ [khugepaged]
root        24  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [bioset]
root        26  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [crypto]
root        27  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kblockd]
root        30  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kswapd0]
root        31  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [fsnotify_mark]
root        35  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kthrotld]
root        36  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ipv6_addrconf]
root        37  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [deferwq]
root        38  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [kworker/u4:1]
root        63  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [khubd]
root        64  0.0  0.0      0     0 ?        S    18:28   0:04  \_ [vballoon]
root        65  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ata_sff]
root        66  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [scsi_eh_0]
root        67  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [scsi_tmf_0]
root        68  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [scsi_eh_1]
root        69  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [scsi_tmf_1]
root        77  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/0:1H]
root        82  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kworker/1:1H]
root        90  0.0  0.0      0     0 ?        S    18:28   0:00  \_ [jbd2/sda1-8]
root        91  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ext4-rsv-conver]
root       159  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [kpsmoused]
root       164  0.0  0.0      0     0 ?        S<   18:28   0:00  \_ [ttm_swap]
root     21979  0.1  0.0      0     0 ?        S    21:42   0:10  \_ [kworker/1:0]
root     18154  0.0  0.0      0     0 ?        S    22:14   0:00  \_ [kworker/0:0]
root     26667  0.0  0.0      0     0 ?        S    23:02   0:00  \_ [kworker/1:2]
root       499  0.0  0.0      0     0 ?        S    23:09   0:00  \_ [kworker/0:1]
root      3011  0.0  0.0      0     0 ?        S    23:12   0:00  \_ [kworker/1:1]
root         1  0.0  0.1  33868  4148 ?        Ss   18:28   0:02 /sbin/init
root       115  0.0  0.1  28304  7036 ?        Ss   18:28   0:01 /usr/lib/systemd/systemd-journald
root       133  0.0  0.0  32168  3060 ?        Ss   18:28   0:00 /usr/lib/systemd/systemd-udevd
root       140  0.0  0.0  15312  2444 ?        Ss   18:28   0:00 /usr/lib/systemd/systemd-logind
dbus       142  0.0  0.0  24828  2724 ?        Ss   18:28   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       162  0.0  0.0   8156  1644 tty1     Ss+  18:28   0:00 /sbin/agetty --noclear tty1 linux
root       269  0.0  0.0   4448  1440 ?        Ss   18:28   0:00 dhcpcd -4 -q -t 30 -L ens18
root       316  0.0  0.0  24468  3372 ?        Ss   18:43   0:00 /usr/lib/systemd/systemd --user
root       318  0.0  0.0  83552  1636 ?        S    18:43   0:00  \_ (sd-pam)
root       686  0.0  0.0 134912   680 ?        Ss   18:45   0:00 /tmp/.sshdd1405093530
root       691  0.0  0.0 134912   680 ?        S    18:45   0:02  \_ /tmp/.sshdd1405093530
root       692  0.1  0.0 134912   680 ?        S    18:45   0:17      \_ /tmp/.sshdd1405093530
root     11287  0.0  0.0   1584     4 ?        S    23:22   0:00      |   \_ ps -ef
root     11289  0.0  0.0  24920  2200 ?        R    23:22   0:00      |       \_ /usr/bin/dpkgd/ps -ef
root       693  0.0  0.0 134912   680 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       694  0.0  0.0 134912   680 ?        S    18:45   0:11      \_ /tmp/.sshdd1405093530
root       695  0.0  0.0 134912   680 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       688  0.0  0.0 938124  2248 ?        Ss   18:45   0:00 /tmp/.sshdd1405093530
root       701  0.0  0.0 938124  2248 ?        S    18:45   0:03  \_ /tmp/.sshdd1405093530
root       702  0.2  0.0 938124  2248 ?        S    18:45   0:48      \_ /tmp/.sshdd1405093530
root     11288  0.0  0.0   1584     4 ?        S    23:22   0:00      |   \_ ps -ef
root       706  0.0  0.0 938124  2248 ?        S    18:45   0:01      \_ /tmp/.sshdd1405093530
root       709  0.2  0.0 938124  2248 ?        S    18:45   0:43      \_ /tmp/.sshdd1405093530
root       710  0.0  0.0 938124  2248 ?        S    18:45   0:00      \_ /tmp/.sshdd1405093530
root       823  0.1  0.0   2812   632 ?        Ss   18:45   0:17 /etc/.SSH2
root     14939  0.0  0.0  20040   976 ?        Ss   19:01   0:00 /etc/nhgbhhj
root     15288  0.0  0.0  20040   976 ?        S    19:01   0:03  \_ /etc/nhgbhhj
root     15289  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15290  0.0  0.0  20040   976 ?        S    19:01   0:11      \_ /etc/nhgbhhj
root     15291  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15292  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15293  0.0  0.0  20040   976 ?        S    19:01   0:02      \_ /etc/nhgbhhj
root     15294  0.0  0.0  20040   976 ?        S    19:01   0:00      \_ /etc/nhgbhhj
root     15295  0.0  0.0  20040   976 ?        S    19:01   0:03      \_ /etc/nhgbhhj
root      7718  0.0  0.0  20040   976 ?        S    23:18   0:00      \_ /etc/nhgbhhj
root      7719 99.6  0.0  20040   976 ?        R    23:18   4:15      \_ /etc/nhgbhhj
root     25846  0.0  0.1  82852  6336 ?        Ss   22:24   0:00 sshd: root@pts/0
root     26715  0.0  0.0  16060  3724 pts/0    Ss+  22:25   0:00  \_ -bash
root      8807  0.0  0.1  82852  6240 ?        Ss   22:41   0:00 sshd: root@pts/1
root      9189  0.0  0.0  16060  3752 pts/1    Ss   22:42   0:00  \_ -bash
root     11285  0.0  0.0   1584     4 pts/1    S+   23:22   0:00      \_ ps auxf
root     11286  0.0  0.0  27000  2940 pts/1    R+   23:22   0:00          \_ /usr/bin/dpkgd/ps auxf

Here are the md5sums; some of them link to weird malware results on Google.

[root@mc-arch ~]# md5sum /tmp/.sshdd1405093530
8ad692d593a6d7b16a6ac78ee6cf2f01  /tmp/.sshdd1405093530
[root@mc-arch ~]# md5sum /etc/.SSH2
8ad692d593a6d7b16a6ac78ee6cf2f01  /etc/.SSH2
[root@mc-arch ~]# md5sum /etc/nhgbhhj
d40f01329107e2ed1535d3b2e9ed1ed9  /etc/nhgbhhj
[root@mc-arch ~]# md5sum /etc/nhgbhhj.1
d40f01329107e2ed1535d3b2e9ed1ed9  /etc/nhgbhhj.1

Here are the last modified times. Note that the system was installed on Jul 11 2014 around 15:30, as can be seen from the last modified time of the initramfs files.

[root@mc-arch ~]# ls -la /etc/nhgbhhj*
-rwsrwsrwt 1 root root 1521642 Jun 16 19:44 /etc/nhgbhhj
-rw-r--r-- 1 root root 1521642 Jun 16 19:44 /etc/nhgbhhj.1
[root@mc-arch ~]# ls -la /etc/.SSH2
-rwxrwxrwx 1 root root 273128 May 16 15:34 /etc/.SSH2
[root@mc-arch ~]# ls -la /tmp/.sshdd1405093530
-rwsrwsrwt 1 root root 273128 May 16 15:34 /tmp/.sshdd1405093530

[root@mc-arch ~]# ls -la /boot
total 23672
drwxr-xr-x  3 root root     4096 Jul 11 15:28 .
drwsrwsrwt 17 root root     4096 Jul 11 14:22 ..
drwxr-xr-x  6 root root     4096 Jul 11 15:46 grub
-rw-r--r--  1 root root 17113805 Jul 11 15:28 initramfs-linux-fallback.img
-rw-r--r--  1 root root  3189652 Jul 11 15:27 initramfs-linux.img
-rw-r--r--  1 root root  3916768 Jul  7 08:45 vmlinuz-linux

The only line in the mirrorlist file during the whole installation was:

Server = http://archlinux.igor.onlinedirect.bg/$repo/os/$arch

Any ideas on what these things are and how I can track where they came from?

EDIT: On a laptop that I installed Arch on, there seems to be no problem, but I used the default (full) mirrorlist file with all the mirrors.

Last edited by sakishrist (2014-07-12 10:10:13)

Offline
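A triage pass over `ps auxf` output like the listings in the post above, as an added example that is not part of the original thread. It flags executables running from world-writable directories, hidden file names, binaries placed directly in /etc, and system tools started from an unexpected directory (the `/usr/bin/dpkgd/ps` child of `ps auxf`); the rule set and the function names are assumptions chosen for this illustration.

```python
import re
from posixpath import basename, dirname

# Rows copied from the `ps auxf` listings in the post (subset).
SAMPLE = r"""
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         2  0.0  0.0      0     0 ?        S    18:28   0:00 [kthreadd]
root         3  2.2  0.0      0     0 ?        S    18:28   6:29  \_ [ksoftirqd/0]
root         1  0.0  0.1  33868  4148 ?        Ss   18:28   0:02 /sbin/init
root       686  0.0  0.0 134912   680 ?        Ss   18:45   0:00 /tmp/.sshdd1405093530
root       694  0.0  0.0 134912   680 ?        S    18:45   0:11      \_ /tmp/.sshdd1405093530
root      4462  0.0  0.0  11876  2536 ?        S    23:14   0:00      |   \_ sh -c top -bn 1 | grep Cpu | cut -d "," -f 1 | cut -d ":" -f 2
root       823  0.1  0.0   2812   632 ?        Ss   18:45   0:16 /etc/.SSH2
root     14939  0.0  0.0  20040   976 ?        Ss   19:01   0:00 /etc/nhgbhhj
root      3378 99.4  0.0  20040   976 ?        R    23:12   1:11      \_ /etc/nhgbhhj
root      8807  0.0  0.1  82852  6240 ?        Ss   22:41   0:00 sshd: root@pts/1
root      9189  0.0  0.0  16060  3752 pts/1    Ss   22:42   0:00  \_ -bash
root      4461  0.0  0.0   1584     4 pts/1    S+   23:14   0:00      \_ ps auxf
root      4463  0.0  0.0  27000  2940 pts/1    R+   23:14   0:00          \_ /usr/bin/dpkgd/ps auxf
"""

TREE_PREFIX = re.compile(r"^[\s|]*(?:\\_\s+)?")      # forest drawing: "|   \_ "
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
STANDARD_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin"}
SYSTEM_TOOLS = {"ps", "top", "netstat", "ss", "lsof"}  # tools worth double-checking


def parse_line(line):
    """Split one `ps aux` row; return None for the header or malformed rows."""
    fields = line.split(None, 10)
    if len(fields) < 11 or not fields[1].isdigit():
        return None
    return {
        "user": fields[0],
        "pid": int(fields[1]),
        "vsz": int(fields[4]),
        "cmd": TREE_PREFIX.sub("", fields[10]),
    }


def reasons_for(proc):
    """Return the list of rules this process trips (empty list = nothing flagged)."""
    cmd, reasons = proc["cmd"], []
    if cmd.startswith("["):
        # Real kernel threads have no user address space, so VSZ is 0.
        if proc["vsz"] != 0:
            reasons.append("bracketed name but non-zero VSZ")
        return reasons
    exe = cmd.split()[0]
    if not exe.startswith("/"):
        return reasons  # no absolute path in argv[0]; resolve /proc/<pid>/exe instead
    name, directory = basename(exe), dirname(exe)
    if exe.startswith(WRITABLE_DIRS):
        reasons.append("runs from world-writable directory")
    if name.startswith("."):
        reasons.append("hidden file name")
    if directory == "/etc":
        reasons.append("executable directly in /etc")
    if name in SYSTEM_TOOLS and directory not in STANDARD_BIN_DIRS:
        reasons.append("system tool outside standard bin directories")
    return reasons


def triage(ps_text):
    """Map PID -> (executable path, reasons) for every flagged process."""
    flagged = {}
    for line in ps_text.splitlines():
        proc = parse_line(line)
        if proc is None:
            continue
        reasons = reasons_for(proc)
        if reasons:
            flagged[proc["pid"]] = (proc["cmd"].split()[0], reasons)
    return flagged


def suspect_executables(ps_text):
    """Unique flagged paths, i.e. the files to hash and preserve as evidence."""
    return sorted({exe for exe, _ in triage(ps_text).values()})


if __name__ == "__main__":
    for pid, (exe, reasons) in sorted(triage(SAMPLE).items()):
        print(f"{pid:>6}  {exe}  <- {'; '.join(reasons)}")
```

Because `ps` itself is one of the flagged tools here, the output of the installed `ps` cannot be trusted on this host; the same parser can be fed output collected with known-good binaries from rescue media.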

#2 2014-07-11 21:05:20

HiImTye
Member
From: Halifax, NS, Canada
Registered: 2012-05-09
Posts: 1,072

Re: [SOLVED] Weird processes

the 'nhgbhhj' process is supposedly some sort of rootkit, according to a twitter post on FreeDNS's page, but other than a completely uninformative malwr.com page, that's the only thing I could actually find about it.

the 'sshdd' process makes me very curious, do you have any extra ports open without any explanation? if so, do they respond to ssh attempts?

this might belong more to the system administration subforum

Last edited by HiImTye (2014-07-11 21:07:56)

Offline

#3 2014-07-11 22:01:40

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

I would be thankful if a moderator could move the topic to the appropriate forum.

I NOW have open sockets (or at least I think they are open)

netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::22                   :::*                    LISTEN      1/init              
udp        0      0 192.168.1.14:68        0.0.0.0:*                           269/dhcpcd          
udp        0      0 0.0.0.0:68              0.0.0.0:*                           269/dhcpcd          
raw    76160      0 0.0.0.0:17              0.0.0.0:*               7           14939/nhgbhhj       
raw   213248      0 0.0.0.0:17              0.0.0.0:*               7           14939/nhgbhhj       
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     1366     1/init               /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     1393     1/init               /run/lvm/lvmetad.socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     1396     1/init               /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     1399     1/init               /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     9094     316/systemd          /run/user/0/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     8155     1/init               /run/dbus/system_bus_socket

As far as I got, a state of 7 when it comes to TCP is TCP_CLOSE, but here the protocol is raw so I have no idea what the 7 means.

Nmap reports nothing for port 17

Host is up (0.014s latency).
PORT   STATE  SERVICE VERSION
17/tcp closed qotd
17/udp closed qotd

Offline
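How the two `raw` rows in the `netstat -lnp` output above decode, as an added example that is not part of the original thread. netstat takes these rows from /proc/net/raw, where the number after the colon in the local address is the IP protocol the raw socket was opened with (17 is UDP), not a port, and the state column is the kernel's numeric socket state, for which 7 is the same "close" value used for TCP and means the raw socket is unconnected. The sample rows are constructed to match the Recv-Q values shown in the post; the inode numbers are placeholders and a little-endian host is assumed.

```python
import socket
import struct

# Constructed /proc/net/raw rows matching the two netstat lines in the post.
# rx_queue 0x12980 = 76160 and 0x34100 = 213248; inode values are placeholders.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  17: 00000000:0011 00000000:0000 07 00000000:00012980 00:00000000 00000000     0        0 20481 2 0000000000000000 0
  17: 00000000:0011 00000000:0000 07 00000000:00034100 00:00000000 00000000     0        0 20482 2 0000000000000000 0
"""

# Kernel socket states (shared by TCP and raw sockets).
SOCKET_STATES = {
    1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
    5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
    9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING",
}

# A few IP protocol numbers; anything else is reported by number.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 255: "RAW"}


def hex_to_ipv4(hex_addr):
    """Convert the kernel's %08X address (host byte order, little-endian assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def decode_raw_table(text):
    """Decode /proc/net/raw rows into dictionaries with human-readable fields."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with "<slot>:"; the header row starts with "sl".
        if len(fields) < 10 or not fields[0].rstrip(":").isdigit():
            continue
        local_addr, local_num = fields[1].split(":")
        remote_addr, _ = fields[2].split(":")
        tx_hex, rx_hex = fields[4].split(":")
        proto = int(local_num, 16)   # protocol number, not a port
        state = int(fields[3], 16)
        rows.append({
            "local": hex_to_ipv4(local_addr),
            "remote": hex_to_ipv4(remote_addr),
            "proto_number": proto,
            "proto": IP_PROTOCOLS.get(proto, str(proto)),
            "state": SOCKET_STATES.get(state, str(state)),
            "tx_queue": int(tx_hex, 16),
            "rx_queue": int(rx_hex, 16),   # bytes received but not yet read
            "uid": int(fields[7]),
            "inode": int(fields[9]),       # match against /proc/<pid>/fd/* links
        })
    return rows


def summarize(text):
    """One line per raw socket, in the spirit of netstat but with decoded fields."""
    return [
        f"raw {r['proto']} socket on {r['local']} state={r['state']} "
        f"unread={r['rx_queue']} bytes uid={r['uid']}"
        for r in decode_raw_table(text)
    ]


if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(line)
```

A raw socket bound to protocol 17 receives copies of incoming UDP datagrams regardless of destination port, which is why a port scan of 17/tcp and 17/udp shows nothing.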

#4 2014-07-11 22:15:43

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Here is some more interesting info:

[root@mc-arch ~]# netstat -np
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.1.14:48131     117.27.249.25:36667     ESTABLISHED 8926/nhgbhhj        
tcp        0      0 192.168.1.14:51743     121.12.110.96:7168      ESTABLISHED 688/.sshdd140509353 
tcp        0      0 192.168.1.14:51742     121.12.110.96:7168      ESTABLISHED 686/.sshdd140509353 
tcp6       0     36 192.168.1.14:22        212.36.21.27:37825      ESTABLISHED 1/init              
tcp6       0      0 192.168.1.14:22        212.36.21.27:49493      ESTABLISHED 1/init              
tcp6       0      0 192.168.1.14:22        212.36.21.27:49352      ESTABLISHED 1/init              
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
[...]

Nmap for 121.12.110.96:

PORT     STATE         SERVICE VERSION
7168/tcp open          unknown
7168/udp open|filtered unknown
PORT     STATE    SERVICE       VERSION
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1025/tcp open     msrpc         Microsoft Windows RPC
1720/tcp filtered H.323/Q.931
4444/tcp filtered krb524
9009/tcp open     pichat?
9010/tcp open     sdr?
9999/tcp open     ms-wbt-server Microsoft Terminal Service

And for 117.27.249.25:

PORT     STATE    SERVICE          VERSION
23/tcp   filtered telnet
80/tcp   open     http             Apache httpd 2.2.19 ((Win32) PHP/5.2.9-1)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1025/tcp filtered NFS-or-IIS
1026/tcp open     msrpc            Microsoft Windows RPC
1027/tcp filtered IIS
1034/tcp open     msrpc            Microsoft Windows RPC
1720/tcp filtered H.323/Q.931
2967/tcp filtered symantec-av
3000/tcp filtered ppp
4900/tcp filtered hfcs
5000/tcp filtered upnp
5100/tcp filtered admd
5500/tcp filtered hotline
6000/tcp filtered X11
8081/tcp open     blackice-icecap?
1 service unrecognized despite returning data.

Last edited by sakishrist (2014-07-11 22:19:38)

Offline

#5 2014-07-12 06:04:29

Pse
Member
Registered: 2008-03-15
Posts: 413

Re: [SOLVED] Weird processes

It might be worth contacting the mirror to inform them of a possible intrusion. It is odd, though, as packages are signed. Did you install anything in particular right after finishing installing Arch? Did you run the installation while connected to Internet with no firewall/router/NAT in-between?

Offline

#6 2014-07-12 08:08:20

Cloudef
Member
Registered: 2010-10-12
Posts: 636

Re: [SOLVED] Weird processes

This is a very interesting thread.

Could you list which repos and AUR packages you are using, and also post your /etc/pacman.conf?

Offline

#7 2014-07-12 08:31:27

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

I think the only thing I installed from the chrooted environment after the arch base was the net-tools package.

The machine is connected directly to the internet, it has a public address (replaced with a private/fake one in the above examples).

Here is the pacman history of the machine:

[root@mc-arch ~]# cat /var/log/pacman.log 
[2014-07-11 11:22] [PACMAN] Running 'pacman -r /mnt -Sy --cachedir=/mnt/var/cache/pacman/pkg --noconfirm base'
[2014-07-11 11:22] [PACMAN] synchronizing package lists
[2014-07-11 11:22] [PACMAN] installed linux-api-headers (3.14.1-1)
[2014-07-11 11:22] [PACMAN] installed tzdata (2014e-1)
[2014-07-11 11:22] [PACMAN] installed iana-etc (2.30-4)
[2014-07-11 11:22] [PACMAN] installed filesystem (2014.06-2)
[2014-07-11 11:22] [PACMAN] installed glibc (2.19-5)
[2014-07-11 11:22] [PACMAN] installed ncurses (5.9-6)
[2014-07-11 11:22] [PACMAN] installed readline (6.3.006-1)
[2014-07-11 11:22] [PACMAN] installed bash (4.3.018-3)
[2014-07-11 11:22] [PACMAN] installed bzip2 (1.0.6-5)
[2014-07-11 11:22] [PACMAN] installed zlib (1.2.8-3)
[2014-07-11 11:22] [PACMAN] installed cracklib (2.9.0-2)
[2014-07-11 11:22] [PACMAN] installed libutil-linux (2.24.2-1)
[2014-07-11 11:22] [PACMAN] installed e2fsprogs (1.42.10-1)
[2014-07-11 11:22] [PACMAN] installed gdbm (1.11-1)
[2014-07-11 11:22] [PACMAN] installed gcc-libs (4.9.0-5)
[2014-07-11 11:22] [PACMAN] installed db (5.3.28-1)
[2014-07-11 11:22] [PACMAN] installed perl (5.20.0-5)
[2014-07-11 11:22] [PACMAN] installed openssl (1.0.1.h-1)
[2014-07-11 11:22] [PACMAN] installed libsasl (2.1.26-7)
[2014-07-11 11:22] [PACMAN] installed libldap (2.4.39-1)
[2014-07-11 11:22] [PACMAN] installed keyutils (1.5.9-1)
[2014-07-11 11:22] [PACMAN] installed krb5 (1.12.1-1)
[2014-07-11 11:22] [PACMAN] installed libtirpc (0.2.4-1)
[2014-07-11 11:22] [PACMAN] installed pambase (20130928-1)
[2014-07-11 11:22] [PACMAN] installed pam (1.1.8-5)
[2014-07-11 11:22] [PACMAN] installed attr (2.4.47-1)
[2014-07-11 11:22] [PACMAN] installed acl (2.2.52-2)
[2014-07-11 11:22] [PACMAN] installed gmp (6.0.0-1)
[2014-07-11 11:22] [PACMAN] installed libcap (2.24-1)
[2014-07-11 11:22] [PACMAN] installed coreutils (8.22-4)
[2014-07-11 11:22] [PACMAN] installed libdbus (1.8.4-1)
[2014-07-11 11:22] [PACMAN] installed expat (2.1.0-3)
[2014-07-11 11:22] [PACMAN] installed dbus (1.8.4-1)
[2014-07-11 11:22] [PACMAN] installed pcre (8.35-1)
[2014-07-11 11:22] [PACMAN] installed libffi (3.1-2)
[2014-07-11 11:22] [PACMAN] installed glib2 (2.40.0-1)
[2014-07-11 11:22] [PACMAN] installed kbd (2.0.1-1)
[2014-07-11 11:22] [PACMAN] installed kmod (18-1)
[2014-07-11 11:22] [PACMAN] installed hwids (20140602-1)
[2014-07-11 11:22] [PACMAN] installed libgpg-error (1.13-1)
[2014-07-11 11:22] [PACMAN] installed libgcrypt (1.6.1-1)
[2014-07-11 11:22] [PACMAN] installed xz (5.0.5-2)
[2014-07-11 11:22] [PACMAN] installed libsystemd (214-2)
[2014-07-11 11:22] [PACMAN] installed libseccomp (2.1.1-1)
[2014-07-11 11:22] [PACMAN] installed shadow (4.2.1-1)
[2014-07-11 11:22] [PACMAN] installed util-linux (2.24.2-1)
[2014-07-11 11:22] [ALPM-SCRIPTLET] Initializing machine ID from random generator.
[2014-07-11 11:22] [ALPM-SCRIPTLET] ln -s '/usr/lib/systemd/system/getty@.service' '/etc/systemd/system/getty.target.wants/getty@tty1.service'
[2014-07-11 11:22] [ALPM-SCRIPTLET] :: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your
[2014-07-11 11:22] [ALPM-SCRIPTLET]    bootloader to replace sysvinit with systemd, or install systemd-sysvcompat
[2014-07-11 11:22] [PACMAN] installed systemd (214-2)
[2014-07-11 11:22] [PACMAN] installed device-mapper (2.02.106-2)
[2014-07-11 11:22] [PACMAN] installed popt (1.16-7)
[2014-07-11 11:22] [PACMAN] installed cryptsetup (1.6.4-1)
[2014-07-11 11:22] [PACMAN] installed dhcpcd (6.4.0-1)
[2014-07-11 11:22] [PACMAN] installed diffutils (3.3-1)
[2014-07-11 11:22] [PACMAN] installed file (5.19-1)
[2014-07-11 11:22] [PACMAN] installed findutils (4.4.2-6)
[2014-07-11 11:22] [PACMAN] installed mpfr (3.1.2.p10-1)
[2014-07-11 11:22] [PACMAN] installed gawk (4.1.1-1)
[2014-07-11 11:22] [PACMAN] installed libunistring (0.9.3-6)
[2014-07-11 11:23] [PACMAN] installed gettext (0.19.1-1)
[2014-07-11 11:23] [PACMAN] installed grep (2.20-1)
[2014-07-11 11:23] [PACMAN] installed less (458-1)
[2014-07-11 11:23] [PACMAN] installed gzip (1.6-1)
[2014-07-11 11:23] [PACMAN] installed inetutils (1.9.2-1)
[2014-07-11 11:23] [PACMAN] installed iptables (1.4.21-1)
[2014-07-11 11:23] [PACMAN] installed iproute2 (3.14.0-1)
[2014-07-11 11:23] [PACMAN] installed sysfsutils (2.1.0-9)
[2014-07-11 11:23] [PACMAN] installed iputils (20121221-3)
[2014-07-11 11:23] [PACMAN] installed jfsutils (1.1.15-4)
[2014-07-11 11:23] [PACMAN] installed licenses (20140629-1)
[2014-07-11 11:23] [PACMAN] installed linux-firmware (20140603.a4f3bc0-1)
[2014-07-11 11:23] [PACMAN] installed mkinitcpio-busybox (1.21.1-2)
[2014-07-11 11:23] [PACMAN] installed lzo2 (2.08-1)
[2014-07-11 11:23] [PACMAN] installed libarchive (3.1.2-6)
[2014-07-11 11:23] [PACMAN] installed mkinitcpio (17-1)
[2014-07-11 11:23] [ALPM-SCRIPTLET] >>> Updating module dependencies. Please wait ...
[2014-07-11 11:23] [ALPM-SCRIPTLET] >>> Generating initial ramdisk, using mkinitcpio.  Please wait...
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Starting build: 3.15.4-1-ARCH
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [autodetect]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux.img
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Image generation successful
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Starting build: 3.15.4-1-ARCH
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: smsmdtv
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2014-07-11 11:23] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
[2014-07-11 11:23] [ALPM-SCRIPTLET] ==> Image generation successful
[2014-07-11 11:23] [PACMAN] installed linux (3.15.4-1)
[2014-07-11 11:23] [PACMAN] installed logrotate (3.8.7-3)
[2014-07-11 11:23] [PACMAN] installed lvm2 (2.02.106-2)
[2014-07-11 11:23] [PACMAN] installed groff (1.22.2-6)
[2014-07-11 11:23] [PACMAN] installed libpipeline (1.3.0-1)
[2014-07-11 11:23] [ALPM-SCRIPTLET] it's recommended to create an initial
[2014-07-11 11:23] [ALPM-SCRIPTLET] database running as root:
[2014-07-11 11:23] [ALPM-SCRIPTLET] "/usr/bin/mandb --quiet"
[2014-07-11 11:23] [PACMAN] installed man-db (2.6.7.1-1)
[2014-07-11 11:23] [PACMAN] installed man-pages (3.69-1)
[2014-07-11 11:23] [PACMAN] installed mdadm (3.3.1-2)
[2014-07-11 11:23] [PACMAN] installed nano (2.2.6-3)
[2014-07-11 11:23] [PACMAN] installed openresolv (3.5.6-1)
[2014-07-11 11:23] [PACMAN] installed netctl (1.8-1)
[2014-07-11 11:23] [PACMAN] installed run-parts (4.4-1)
[2014-07-11 11:23] [PACMAN] installed sed (4.2.2-3)
[2014-07-11 11:23] [PACMAN] installed ca-certificates (20140325-1)
[2014-07-11 11:23] [PACMAN] installed libssh2 (1.4.3-2)
[2014-07-11 11:23] [PACMAN] installed curl (7.37.0-1)
[2014-07-11 11:23] [PACMAN] installed pth (2.0.7-5)
[2014-07-11 11:23] [PACMAN] installed libksba (1.3.0-1)
[2014-07-11 11:23] [PACMAN] installed libassuan (2.1.1-1)
[2014-07-11 11:23] [PACMAN] installed pinentry (0.8.3-1)
[2014-07-11 11:23] [PACMAN] installed dirmngr (1.1.1-2)
[2014-07-11 11:23] [PACMAN] installed gnupg (2.0.25-1)
[2014-07-11 11:23] [PACMAN] installed gpgme (1.5.0-1)
[2014-07-11 11:23] [PACMAN] installed pacman-mirrorlist (20140706-1)
[2014-07-11 11:23] [PACMAN] installed archlinux-keyring (20140220-1)
[2014-07-11 11:23] [PACMAN] installed pacman (4.1.2-6)
[2014-07-11 11:23] [PACMAN] installed pciutils (3.2.1-1)
[2014-07-11 11:23] [PACMAN] installed pcmciautils (018-7)
[2014-07-11 11:23] [PACMAN] installed procps-ng (3.3.9-3)
[2014-07-11 11:23] [PACMAN] installed psmisc (22.21-2)
[2014-07-11 11:23] [PACMAN] installed reiserfsprogs (3.6.24-1)
[2014-07-11 11:23] [PACMAN] installed s-nail (14.7.1-1)
[2014-07-11 11:23] [PACMAN] installed systemd-sysvcompat (214-2)
[2014-07-11 11:23] [PACMAN] installed tar (1.27.1-1)
[2014-07-11 11:23] [PACMAN] installed texinfo (5.2-2)
[2014-07-11 11:23] [PACMAN] installed libusb (1.0.19-1)
[2014-07-11 11:23] [PACMAN] installed usbutils (007-1)
[2014-07-11 11:23] [PACMAN] installed vi (1:050325-4)
[2014-07-11 11:23] [PACMAN] installed which (2.20-6)
[2014-07-11 11:23] [PACMAN] installed xfsprogs (3.2.0-1)
[2014-07-11 11:41] [PACMAN] Running 'pacman -Syu net-tools'
[2014-07-11 11:41] [PACMAN] synchronizing package lists
[2014-07-11 11:41] [PACMAN] starting full system upgrade
[2014-07-11 11:41] [PACMAN] installed net-tools (1.60.20130531git-1)
[2014-07-11 15:28] [PACMAN] Running 'pacman -Syu grub'
[2014-07-11 15:28] [PACMAN] synchronizing package lists
[2014-07-11 15:28] [PACMAN] starting full system upgrade
[2014-07-11 15:28] [ALPM-SCRIPTLET] Generating grub.cfg.example config file...
[2014-07-11 15:28] [ALPM-SCRIPTLET] This may fail on some machines running a custom kernel.
[2014-07-11 15:28] [ALPM-SCRIPTLET] done.
[2014-07-11 15:28] [PACMAN] installed grub (1:2.02.beta2-4)
[2014-07-11 15:59] [PACMAN] Running 'pacman -Syu'
[2014-07-11 15:59] [PACMAN] synchronizing package lists
[2014-07-11 16:01] [PACMAN] Running 'pacman -Syu'
[2014-07-11 16:01] [PACMAN] synchronizing package lists
[2014-07-11 16:01] [PACMAN] starting full system upgrade
[2014-07-11 16:26] [PACMAN] Running 'pacman -S openssh-server'
[2014-07-11 16:26] [PACMAN] Running 'pacman -S openssh'
[2014-07-11 16:26] [PACMAN] installed libedit (20140213_3.1-1)
[2014-07-11 16:26] [PACMAN] installed dnssec-anchors (20140629-1)
[2014-07-11 16:26] [PACMAN] installed ldns (1.6.17-1)
[2014-07-11 16:26] [PACMAN] installed openssh (6.6p1-2)
[2014-07-11 16:36] [PACMAN] Running 'pacman -S java'
[2014-07-11 16:37] [PACMAN] Running 'pacman -S wget'
[2014-07-11 16:38] [PACMAN] installed libidn (1.28-2)
[2014-07-11 16:38] [PACMAN] installed wget (1.15-1)
[2014-07-11 16:44] [PACMAN] Running 'pacman -S archlinux-java'
[2014-07-11 16:48] [PACMAN] Running 'pacman -S jre7-openjdk'
[2014-07-11 16:48] [PACMAN] installed libjpeg-turbo (1.3.1-1)
[2014-07-11 16:48] [PACMAN] installed libtiff (4.0.3-4)
[2014-07-11 16:48] [PACMAN] installed lcms2 (2.6-1)
[2014-07-11 16:48] [PACMAN] installed nspr (4.10.6-1)
[2014-07-11 16:48] [PACMAN] installed sqlite (3.8.5-1)
[2014-07-11 16:48] [PACMAN] installed nss (3.16.1-1)
[2014-07-11 16:48] [PACMAN] installed ca-certificates-java (20140324-3)
[2014-07-11 16:48] [ALPM-SCRIPTLET] done.
[2014-07-11 16:48] [PACMAN] installed jre7-openjdk-headless (7.u60_2.5.0-3)
[2014-07-11 16:48] [PACMAN] installed xcb-proto (1.10-2)
[2014-07-11 16:48] [PACMAN] installed xproto (7.0.26-1)
[2014-07-11 16:48] [PACMAN] installed libxdmcp (1.1.1-2)
[2014-07-11 16:48] [PACMAN] installed libxau (1.0.8-2)
[2014-07-11 16:48] [PACMAN] installed libxcb (1.10-2)
[2014-07-11 16:48] [PACMAN] installed kbproto (1.0.6-2)
[2014-07-11 16:48] [PACMAN] installed libx11 (1.6.2-2)
[2014-07-11 16:48] [PACMAN] installed xextproto (7.3.0-1)
[2014-07-11 16:48] [PACMAN] installed libxext (1.3.2-1)
[2014-07-11 16:48] [PACMAN] installed libice (1.0.9-1)
[2014-07-11 16:48] [PACMAN] installed libsm (1.2.2-2)
[2014-07-11 16:48] [PACMAN] installed libxt (1.1.4-1)
[2014-07-11 16:48] [PACMAN] installed libxmu (1.1.2-1)
[2014-07-11 16:48] [PACMAN] installed xorg-xset (1.2.3-1)
[2014-07-11 16:48] [PACMAN] installed xdg-utils (1.1.0.git20140426-1)
[2014-07-11 16:48] [PACMAN] installed hicolor-icon-theme (0.13-1)
[2014-07-11 16:48] [ALPM-SCRIPTLET] when you use a non-reparenting window manager
[2014-07-11 16:48] [ALPM-SCRIPTLET] set _JAVA_AWT_WM_NONREPARENTING=1 in
[2014-07-11 16:48] [ALPM-SCRIPTLET] /etc/profile.d/jre.sh
[2014-07-11 16:48] [PACMAN] installed jre7-openjdk (7.u60_2.5.0-3)
[2014-07-11 16:58] [PACMAN] Running 'pacman -S screen'
[2014-07-11 16:58] [PACMAN] installed screen (4.2.1-2)
[2014-07-11 18:18] [PACMAN] Running 'pacman -S netcfg2'
[2014-07-11 18:18] [PACMAN] Running 'pacman -S netcfg'
[2014-07-11 18:20] [PACMAN] Running 'pacman -S netctl'
[2014-07-11 18:20] [PACMAN] reinstalled netctl (1.8-1)

I would be glad to contact the mirror but as Pse said, packages should be signed.

Here are the repos:

[...]
#[testing]
#Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist

#[multilib]
#Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

Last edited by sakishrist (2014-07-12 08:34:17)

Offline

#8 2014-07-12 08:45:26

Cloudef
Member
Registered: 2010-10-12
Posts: 636

Re: [SOLVED] Weird processes

Can you run pacman -Ql | grep nhgbhhj to see if it finds the weird binary in any of the installed packages?

What are the SigLevel settings in your pacman.conf?
Also I see you used cache /mnt/var/cache/pacman/pkg, where were those packages originally from?

Last edited by Cloudef (2014-07-12 08:45:37)

Offline

#9 2014-07-12 09:06:30

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Here are the md5sums of the packages in /var/cache/pacman/pkg/

[root@mc-arch pkg]# for i in $(ls) ; do md5sum $i; done 

@Cloudef

[root@mc-arch pkg]#  pacman -Ql | grep nhgbhhj
[root@mc-arch pkg]#  pacman -Ql | grep .SSH2
[root@mc-arch pkg]#  pacman -Ql | grep SSH2
[root@mc-arch pkg]#  pacman -Ql | grep .sshdd1405093530

All of these return nothing.

Siglevel:

SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional

/mnt/var/cache/pacman/pkg is during the install with pacstrap.

Offline

#10 2014-07-12 09:32:10

Cloudef
Member
Registered: 2010-10-12
Posts: 636

Re: [SOLVED] Weird processes

LocalFileSigLevel = Optional <- I think this means the packages installed from cache are not checked.

The -Ql log means that the files were not registered in pacman database for some reason, either they came from the cache or from some other place.
I'll compare the md5sums you posted to mine.

I didn't have all the same packages in cache that you had, but the ones I had (the majority) had the same md5.


Last edited by Cloudef (2014-07-12 09:39:29)

Offline
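The manifest comparison described in the post above, as an added example that is not part of the original thread: it compares two `md5sum` listings by package file name and reports hashes that differ and files the reference machine could not hash. The function names, file names and hash values are constructed for illustration.

```shell
# Compare two md5sum manifests ("<hash>  <filename>" per line).
#   $1 = manifest from the machine under suspicion
#   $2 = manifest from a reference machine
# Prints one line per file that needs attention and a summary line.
# Returns 0 only if every file in $1 has an identical hash in $2.
compare_manifests() {
    awk '
        # Accept only real md5sum lines; error lines such as
        # "md5sum: foo: No such file or directory" are skipped.
        function valid(h) { return length(h) == 32 && h ~ /^[0-9a-f]+$/ }

        # First file on the command line: the reference manifest.
        NR == FNR {
            if (valid($1)) { sub(/^\*/, "", $2); ref[$2] = $1 }
            next
        }

        # Second file: the suspect manifest.
        valid($1) {
            sub(/^\*/, "", $2)          # md5sum marks binary mode with "*"
            if (!($2 in ref))       { print "UNVERIFIED " $2; bad++ }
            else if (ref[$2] != $1) { print "MISMATCH " $2; bad++ }
            else                    { ok++ }
        }

        END {
            printf "%d match, %d need attention\n", ok, bad
            exit (bad > 0)
        }
    ' "$2" "$1"
}

# Runs the comparison on constructed sample manifests (not the hashes
# posted in the thread). The reference side lacks pkg-c, as happens when
# the other machine never cached that package.
demo_compare() {
    local dir rc=0
    dir=$(mktemp -d) || return 2

    cat > "$dir/reference.md5" <<'EOF'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  pkg-a-1.0-1-x86_64.pkg.tar.xz
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb  pkg-b-2.0-1-any.pkg.tar.xz
md5sum: pkg-c-3.0-1-x86_64.pkg.tar.xz: No such file or directory
EOF

    cat > "$dir/suspect.md5" <<'EOF'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  pkg-a-1.0-1-x86_64.pkg.tar.xz
cccccccccccccccccccccccccccccccc  pkg-b-2.0-1-any.pkg.tar.xz
dddddddddddddddddddddddddddddddd  pkg-c-3.0-1-x86_64.pkg.tar.xz
EOF

    compare_manifests "$dir/suspect.md5" "$dir/reference.md5" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Run the demo only when asked, so the file can also be sourced.
if [ "${1:-}" = "--demo" ]; then
    demo_compare
fi
```

A clean result only shows that both machines hold the same package files; an UNVERIFIED line means no conclusion can be drawn for that file until a reference hash is obtained.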

#11 2014-07-12 09:38:57

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Here is a comparison with the same packages on another machine installed the day before that one:

[sakis@sakis-arch-lap pkg]$ while read -r sum file; do mine=$(md5sum "$file" | cut -f1 -d' '); echo "$sum $mine $file"; if ! [ "$sum" = "$mine" ]; then echo "DIFF!"; fi; done < /home/sakis/md5
fdc3cf0733d89df2b1e6f6c32558095c fdc3cf0733d89df2b1e6f6c32558095c libarchive-3.1.2-6-x86_64.pkg.tar.xz
3c8ec55db7c0df71b76ffca4da414cec 3c8ec55db7c0df71b76ffca4da414cec libassuan-2.1.1-1-x86_64.pkg.tar.xz
76f5af497d16b89374fab8b146bfbb8e 76f5af497d16b89374fab8b146bfbb8e libcap-2.24-1-x86_64.pkg.tar.xz
83bc7b6b9af3f2685ac39a1d6265f00b 83bc7b6b9af3f2685ac39a1d6265f00b libdbus-1.8.4-1-x86_64.pkg.tar.xz
b3734b98caedc96fa9bcad1e0e8e178c b3734b98caedc96fa9bcad1e0e8e178c libedit-20140213_3.1-1-x86_64.pkg.tar.xz
b1c215ace9d0a6bd48375eba50c30af7 b1c215ace9d0a6bd48375eba50c30af7 libffi-3.1-2-x86_64.pkg.tar.xz
ad4602934217c03d464380458dfc9149 ad4602934217c03d464380458dfc9149 libgcrypt-1.6.1-1-x86_64.pkg.tar.xz
db5d30d06861cb4166a5f2bff5b35f12 db5d30d06861cb4166a5f2bff5b35f12 libgpg-error-1.13-1-x86_64.pkg.tar.xz
cec19bfba159b817f9794d8bf584b773 cec19bfba159b817f9794d8bf584b773 libice-1.0.9-1-x86_64.pkg.tar.xz
7541b0927356375c4bb6209c4fda100f 7541b0927356375c4bb6209c4fda100f libidn-1.28-2-x86_64.pkg.tar.xz
eff719d5c4fe3c44ef7d165e2d7a17a0 eff719d5c4fe3c44ef7d165e2d7a17a0 libjpeg-turbo-1.3.1-1-x86_64.pkg.tar.xz
de462a3f86a04a27e92d910f5df40393 de462a3f86a04a27e92d910f5df40393 libksba-1.3.0-1-x86_64.pkg.tar.xz
a33cc730d75f54524d971f6e4163d629 a33cc730d75f54524d971f6e4163d629 libldap-2.4.39-1-x86_64.pkg.tar.xz
06842cbd0ca1d21f13162d9701c3199d 06842cbd0ca1d21f13162d9701c3199d libpipeline-1.3.0-1-x86_64.pkg.tar.xz
697ac4466186240d0cc908c0039fd869 697ac4466186240d0cc908c0039fd869 libsasl-2.1.26-7-x86_64.pkg.tar.xz
9d603ac70a9c894233dbe65790c919e3 9d603ac70a9c894233dbe65790c919e3 libseccomp-2.1.1-1-x86_64.pkg.tar.xz
a66e13f7cb014d755917007f8d257ea7 a66e13f7cb014d755917007f8d257ea7 libsm-1.2.2-2-x86_64.pkg.tar.xz
9a14c9705697e742165d31cfa8fb4010 9a14c9705697e742165d31cfa8fb4010 libssh2-1.4.3-2-x86_64.pkg.tar.xz
3304b7b374688a9d40ae259c9ac62725 3304b7b374688a9d40ae259c9ac62725 libsystemd-214-2-x86_64.pkg.tar.xz
8b0e65c14080eabd1f8b5aa48cf312bc 8b0e65c14080eabd1f8b5aa48cf312bc libtiff-4.0.3-4-x86_64.pkg.tar.xz
37ad82dfe4b756bd78b4f75980788a0b 37ad82dfe4b756bd78b4f75980788a0b libtirpc-0.2.4-1-x86_64.pkg.tar.xz
ce3c388faa6ddcd7fa41c7868fc8f3a3 ce3c388faa6ddcd7fa41c7868fc8f3a3 libunistring-0.9.3-6-x86_64.pkg.tar.xz
bd8e34873461f975e695d3c84830cae1 bd8e34873461f975e695d3c84830cae1 libusb-1.0.19-1-x86_64.pkg.tar.xz
4d30be00aa6c1e2ef03a444d54baf89e 4d30be00aa6c1e2ef03a444d54baf89e libutil-linux-2.24.2-1-x86_64.pkg.tar.xz
5c1e778bc2c0c3166572985d9000d9b2 5c1e778bc2c0c3166572985d9000d9b2 libx11-1.6.2-2-x86_64.pkg.tar.xz
79b35169310aae2691d8d09f10070ea6 79b35169310aae2691d8d09f10070ea6 libxau-1.0.8-2-x86_64.pkg.tar.xz
0e7d6928668fcb1103aea4e6b99b51cf 0e7d6928668fcb1103aea4e6b99b51cf libxcb-1.10-2-x86_64.pkg.tar.xz
a95efa0cc9ff937632da348847b3014b a95efa0cc9ff937632da348847b3014b libxdmcp-1.1.1-2-x86_64.pkg.tar.xz
425a73567787002bd8e53d973fb915ad 425a73567787002bd8e53d973fb915ad libxext-1.3.2-1-x86_64.pkg.tar.xz
5f7bf2aba04e0d27ee8456556e431a32 5f7bf2aba04e0d27ee8456556e431a32 libxmu-1.1.2-1-x86_64.pkg.tar.xz
9b1a3403e6bba49723183a3b173826f4 9b1a3403e6bba49723183a3b173826f4 libxt-1.1.4-1-x86_64.pkg.tar.xz
9d3ab130984e4a5f57e584b6910f934c 9d3ab130984e4a5f57e584b6910f934c licenses-20140629-1-any.pkg.tar.xz
82d463bfcfcc161905eb60a9b9554e4f 82d463bfcfcc161905eb60a9b9554e4f linux-3.15.4-1-x86_64.pkg.tar.xz
b54b93a1621cbeb2b0f29564bb300000 b54b93a1621cbeb2b0f29564bb300000 linux-api-headers-3.14.1-1-x86_64.pkg.tar.xz
dc2fa6ba19fd5dc2f8328199213718b4 dc2fa6ba19fd5dc2f8328199213718b4 linux-firmware-20140603.a4f3bc0-1-any.pkg.tar.xz
077825f0af5cf29e0a3ceee98584b9ee 077825f0af5cf29e0a3ceee98584b9ee logrotate-3.8.7-3-x86_64.pkg.tar.xz
d6e14c4ce19f639d30a84a92be92b309 d6e14c4ce19f639d30a84a92be92b309 lvm2-2.02.106-2-x86_64.pkg.tar.xz
1a076b15a9c19235419afe735f52135c 1a076b15a9c19235419afe735f52135c lzo2-2.08-1-x86_64.pkg.tar.xz
454f869ab647e83f536fcba1d225bc2c 454f869ab647e83f536fcba1d225bc2c man-db-2.6.7.1-1-x86_64.pkg.tar.xz
c08035699aa867e0e333da7c18c88e31 c08035699aa867e0e333da7c18c88e31 man-pages-3.69-1-any.pkg.tar.xz
d30f5b87edd7a473a978da54dd073986 d30f5b87edd7a473a978da54dd073986 mdadm-3.3.1-2-x86_64.pkg.tar.xz
281a717c94e6c0f8087a54c8f1480e60 281a717c94e6c0f8087a54c8f1480e60 mkinitcpio-17-1-any.pkg.tar.xz
561aec25b7b814540d27ce78a63354f4 561aec25b7b814540d27ce78a63354f4 mkinitcpio-busybox-1.21.1-2-x86_64.pkg.tar.xz
1974a88ea8d89d9fdcaf58eea2010ec3 1974a88ea8d89d9fdcaf58eea2010ec3 mpfr-3.1.2.p10-1-x86_64.pkg.tar.xz
1441335aab5fefaa503ea8fbc5c376b4 1441335aab5fefaa503ea8fbc5c376b4 nano-2.2.6-3-x86_64.pkg.tar.xz
c23d657ec8f0385ad3713f65056e1bcd c23d657ec8f0385ad3713f65056e1bcd ncurses-5.9-6-x86_64.pkg.tar.xz
d9574bd37a032ff1694cc34b49feb55e d9574bd37a032ff1694cc34b49feb55e netctl-1.8-1-any.pkg.tar.xz
3f1ef4024bf75f16b71355b367ecc7ac 3f1ef4024bf75f16b71355b367ecc7ac net-tools-1.60.20130531git-1-x86_64.pkg.tar.xz
441bab3c1a46dc32c4d4424f9e621b5f 441bab3c1a46dc32c4d4424f9e621b5f nspr-4.10.6-1-x86_64.pkg.tar.xz
b5eeeaeb02dbf3e65fe36803b0f923fb b5eeeaeb02dbf3e65fe36803b0f923fb nss-3.16.1-1-x86_64.pkg.tar.xz
e84eff885a179eeb04f46621faa3c9f4 e84eff885a179eeb04f46621faa3c9f4 openresolv-3.5.6-1-any.pkg.tar.xz
c40a709ea59b0d63ed2d171120c0d4c7 c40a709ea59b0d63ed2d171120c0d4c7 openssh-6.6p1-2-x86_64.pkg.tar.xz
7123c41ecc3b4ff608da400467aad90a 7123c41ecc3b4ff608da400467aad90a openssl-1.0.1.h-1-x86_64.pkg.tar.xz
60bcd228079651798f3d07cb49626c57 60bcd228079651798f3d07cb49626c57 pacman-4.1.2-6-x86_64.pkg.tar.xz
53e3b4795c90ea261a1a40980ec32d84 53e3b4795c90ea261a1a40980ec32d84 pacman-mirrorlist-20140706-1-any.pkg.tar.xz
23a35b528ddb8b033e2ede586583e715 23a35b528ddb8b033e2ede586583e715 pam-1.1.8-5-x86_64.pkg.tar.xz
57e908871a70313e56882eedf336c00f 57e908871a70313e56882eedf336c00f pambase-20130928-1-any.pkg.tar.xz
019b594f75aa869c0475f627966549cf 019b594f75aa869c0475f627966549cf pciutils-3.2.1-1-x86_64.pkg.tar.xz
0cc07d3d7b07bb0059b26fbd0f9b0efc 0cc07d3d7b07bb0059b26fbd0f9b0efc pcmciautils-018-7-x86_64.pkg.tar.xz
ef49c20223211530f732e07dbcaf76b2 ef49c20223211530f732e07dbcaf76b2 pcre-8.35-1-x86_64.pkg.tar.xz
b1fec00ee18383d28ec5c0b30e0ae360 b1fec00ee18383d28ec5c0b30e0ae360 perl-5.20.0-5-x86_64.pkg.tar.xz
aa34c0884b2a707e3ee33608f683e163 aa34c0884b2a707e3ee33608f683e163 pinentry-0.8.3-1-x86_64.pkg.tar.xz
5908046444d5c748fa229ca547913a8b 5908046444d5c748fa229ca547913a8b popt-1.16-7-x86_64.pkg.tar.xz
e50062aea105aed458533f87cc29824c e50062aea105aed458533f87cc29824c procps-ng-3.3.9-3-x86_64.pkg.tar.xz
eec6b1625528583e89bde0dfb8d78bc6 eec6b1625528583e89bde0dfb8d78bc6 psmisc-22.21-2-x86_64.pkg.tar.xz
8763ce66fceb56e643409b40ff3db905 8763ce66fceb56e643409b40ff3db905 pth-2.0.7-5-x86_64.pkg.tar.xz
bd6a535742b66589eb51f0cc05050a08 bd6a535742b66589eb51f0cc05050a08 readline-6.3.006-1-x86_64.pkg.tar.xz
af097aed21ff169f6d932f5171a92b74 af097aed21ff169f6d932f5171a92b74 reiserfsprogs-3.6.24-1-x86_64.pkg.tar.xz
25cd6b95ea3580c7baffe60771fffbc3 25cd6b95ea3580c7baffe60771fffbc3 run-parts-4.4-1-x86_64.pkg.tar.xz
e1c106c1f78153d29ed0eda536452bdc e1c106c1f78153d29ed0eda536452bdc screen-4.2.1-2-x86_64.pkg.tar.xz
b463fc8ea77a12854b5f2bedb296d016 b463fc8ea77a12854b5f2bedb296d016 sed-4.2.2-3-x86_64.pkg.tar.xz
7a34ed461479ed3736747ef918c3b713 7a34ed461479ed3736747ef918c3b713 shadow-4.2.1-1-x86_64.pkg.tar.xz
b532159519b1aa19bfb5ec88bda900f8 b532159519b1aa19bfb5ec88bda900f8 s-nail-14.7.1-1-x86_64.pkg.tar.xz
3a3b2414aab20539ff5ed5ec4dbc5207 3a3b2414aab20539ff5ed5ec4dbc5207 sqlite-3.8.5-1-x86_64.pkg.tar.xz
ebde21a83bb2835ffdb5d7582c3a2f04 ebde21a83bb2835ffdb5d7582c3a2f04 sysfsutils-2.1.0-9-x86_64.pkg.tar.xz
9c829b26b2c36811211ba70e8eb02bc9 9c829b26b2c36811211ba70e8eb02bc9 systemd-214-2-x86_64.pkg.tar.xz
6ae334e1616fe507915fb9132277a556 6ae334e1616fe507915fb9132277a556 systemd-sysvcompat-214-2-x86_64.pkg.tar.xz
0b4160a068fb35d4c1a4adda2ce7fab2 0b4160a068fb35d4c1a4adda2ce7fab2 tar-1.27.1-1-x86_64.pkg.tar.xz
49a79c25f91fb1519a6eefab3078fa19 49a79c25f91fb1519a6eefab3078fa19 texinfo-5.2-2-x86_64.pkg.tar.xz
b9cf575f102f4d1aef0dbd6a737e32b3 b9cf575f102f4d1aef0dbd6a737e32b3 tzdata-2014e-1-any.pkg.tar.xz
d25f018c960d7dfbed40a4092043ce9c d25f018c960d7dfbed40a4092043ce9c usbutils-007-1-x86_64.pkg.tar.xz
74d8d8fb3f996d7f05c6163cf96353f5 74d8d8fb3f996d7f05c6163cf96353f5 util-linux-2.24.2-1-x86_64.pkg.tar.xz
342c99609897c8bba5c82bb5ad165734 342c99609897c8bba5c82bb5ad165734 vi-1:050325-4-x86_64.pkg.tar.xz
d542d1923bae50cdb0a51615c6c11932 d542d1923bae50cdb0a51615c6c11932 wget-1.15-1-x86_64.pkg.tar.xz
7132ebb9f86395e054d60f2f92226a9e 7132ebb9f86395e054d60f2f92226a9e which-2.20-6-x86_64.pkg.tar.xz
2af841089e48dc9b04a5fcfbbaf3d18d 2af841089e48dc9b04a5fcfbbaf3d18d xcb-proto-1.10-2-any.pkg.tar.xz
5e7d532832f80f0bb011761ff1eb3e95 5e7d532832f80f0bb011761ff1eb3e95 xdg-utils-1.1.0.git20140426-1-any.pkg.tar.xz
2692d32a9f9a34ad8c5870a25c48a2e1 2692d32a9f9a34ad8c5870a25c48a2e1 xextproto-7.3.0-1-any.pkg.tar.xz
69e02d1689b5cab74adac4aa7635418c 69e02d1689b5cab74adac4aa7635418c xfsprogs-3.2.0-1-x86_64.pkg.tar.xz
3e156f46f5c5d43d00135f6d61226ec0 3e156f46f5c5d43d00135f6d61226ec0 xorg-xset-1.2.3-1-x86_64.pkg.tar.xz
d9bf1451f2d3d3dc468cf2595927e760 d9bf1451f2d3d3dc468cf2595927e760 xproto-7.0.26-1-any.pkg.tar.xz
dffd7d52f16ae499f2416c3fc9efa15b dffd7d52f16ae499f2416c3fc9efa15b xz-5.0.5-2-x86_64.pkg.tar.xz
daccb81e332c9aef20c5e9d4ce7800f7 daccb81e332c9aef20c5e9d4ce7800f7 zlib-1.2.8-3-x86_64.pkg.tar.xz

I hope I haven't messed up the script.

The packages were all installed on the machine that seems to not be affected, except for one: screen. I downloaded screen with "pacman -Sw screen".

So all packages seem to be the same. Maybe that rules out pacman and packages as a source. hmm

Last edited by sakishrist (2014-07-12 09:40:23)

Offline

#12 2014-07-12 09:45:28

Cloudef
Member
Registered: 2010-10-12
Posts: 636

Re: [SOLVED] Weird processes

I have a feeling there is nothing wrong with the packages. Let's look at other views.

Did you have an SSH server on, and do you have logs for SSH sessions?
(Was there any way for a remote to gain root access for a period of time?)

Those binaries must have come from somewhere.

Last edited by Cloudef (2014-07-12 09:47:09)

Offline

#13 2014-07-12 09:58:29

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Extract from journalctl. Seems like Cloudef is right, I think.

Jul 11 18:40:01 mc-arch sshd[296]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.181  user=root
Jul 11 18:40:01 mc-arch sshd[296]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 11 18:40:06 mc-arch sshd[300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.181  user=root
Jul 11 18:40:08 mc-arch sshd[300]: Failed password for root from 116.10.191.181 port 53687 ssh2
Jul 11 18:40:10 mc-arch sshd[300]: Failed password for root from 116.10.191.181 port 53687 ssh2
Jul 11 18:40:11 mc-arch sshd[300]: Accepted password for root from 116.10.191.181 port 53687 ssh2
Jul 11 18:40:11 mc-arch sshd[300]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 11 18:40:11 mc-arch systemd[302]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 11 18:40:12 mc-arch sshd[300]: pam_unix(sshd:session): session closed for user root
Jul 11 18:43:59 mc-arch sshd[314]: Accepted password for root from 116.10.191.181 port 5495 ssh2
Jul 11 18:43:59 mc-arch sshd[314]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 11 18:43:59 mc-arch systemd[316]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 11 18:44:38 mc-arch sshd[447]: reverse mapping checking getaddrinfo for 213.50.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.50.213] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 11 18:44:41 mc-arch sshd[447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.50.213  user=root
Jul 11 18:44:43 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:48 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:51 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:53 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:55 mc-arch sshd[449]: reverse mapping checking getaddrinfo for 213.50.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.50.213] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 11 18:44:56 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:59 mc-arch sshd[447]: Failed password for root from 61.174.50.213 port 5135 ssh2
Jul 11 18:44:59 mc-arch sshd[447]: Disconnecting: Too many authentication failures for root [preauth]

Offline
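
The pattern visible in the journal extract above (failed root passwords from one address, then "Accepted password" from the same address), turned into a filter. This is an added example and not part of the thread; the function names are hypothetical and the log lines are constructed, using documentation addresses.

```shell
# Added example, not from the thread. The log lines below are constructed
# and use RFC 5737 documentation addresses.

sample_sshd_log() {
    cat <<'EOF'
Jul 11 18:40:06 host sshd[300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Jul 11 18:40:08 host sshd[300]: Failed password for root from 203.0.113.7 port 53687 ssh2
Jul 11 18:40:10 host sshd[300]: Failed password for root from 203.0.113.7 port 53687 ssh2
Jul 11 18:40:11 host sshd[300]: Accepted password for root from 203.0.113.7 port 53687 ssh2
Jul 11 18:41:00 host sshd[310]: Failed password for invalid user from from 198.51.100.9 port 4000 ssh2
Jul 11 18:42:00 host sshd[320]: Accepted password for alice from 192.0.2.20 port 50000 ssh2
EOF
}

# Print "address user failures" for every password login that was accepted
# after at least $1 (default 2) failed passwords from the same address.
flag_guessed_logins() {
    awk -v min="${1:-2}" '
        / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
            # sshd itself writes the trailing "from ADDR port N", so scan from
            # the right: a user name containing "from" cannot shift the fields.
            ip = ""
            for (i = NF - 2; i > 1; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    ip = $(i + 1); user = $(i - 1); break
                }
            if (ip == "") next
            if ($0 ~ /: Failed password for /) { fails[ip]++; next }
            # Accepted login: report it only if guesses preceded it.
            if (fails[ip] + 0 >= min + 0) print ip, user, fails[ip]
        }
    '
}

sample_sshd_log | flag_guessed_logins 2
```

Counting is per source address, so guesses spread across many addresses need a per-user count as well.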

#14 2014-07-12 10:01:37

Cloudef
Member
Registered: 2010-10-12
Posts: 636

Re: [SOLVED] Weird processes

Seems highly possible you got attacked. Most likely a botnet with different IPs.
To avoid this in future, disable root login in the SSH daemon configuration and only allow key logins; maybe change the port if you feel like it.

Anyway, there is a possibility that something else was tampered with or that a rootkit changed important files. I suggest wiping the whole disk and redoing this install.

Offline
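
The two settings named in the reply above (no root login over SSH, keys only), checked against a weak and a corrected sshd_config. This is an added example and not part of the thread; both configurations are constructed and the function names are hypothetical.

```shell
# Added example, not from the thread. Both configurations are constructed.

weak_config() {
    cat <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF
}

hardened_config() {
    cat <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# sshd keeps the first value it reads for a keyword, so the next line has no effect
PermitRootLogin yes
EOF
}

# Read sshd_config text on stdin and report the two settings from the advice.
# Assumes whitespace-separated "Keyword value" lines and looks only at the
# global section (everything before the first Match block).
audit_sshd_config() {
    awk '
        function report(key, name,    v, status) {
            # UNSET means the built-in default applies; set the value explicitly.
            if (!(key in seen)) { print "UNSET", name; return }
            v = seen[key]
            status = (v == "no") ? "OK" : "CHANGE"
            print status, name, v
        }
        /^[ \t]*#/ || NF == 0 { next }          # comment or blank line
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "match" { exit }                 # stop reading, run END
        !(key in seen) { seen[key] = $2 }       # first value wins
        END {
            report("permitrootlogin", "PermitRootLogin")
            report("passwordauthentication", "PasswordAuthentication")
        }
    '
}

echo "weak:";     weak_config     | audit_sshd_config
echo "hardened:"; hardened_config | audit_sshd_config
```

On a running system `sshd -T` prints the effective configuration with defaults filled in, which is the authoritative view.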

#15 2014-07-12 10:09:37

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Ok, well, thanks everyone for the help, now that we found out where it might be originating from, I can get rid of this thing.

Offline

#16 2014-07-12 12:00:13

HiImTye
Member
From: Halifax, NS, Canada
Registered: 2012-05-09
Posts: 1,072

Re: [SOLVED] Weird processes

Also, use something like denyhosts, or use one of iptables' --limit, or ufw's limit options.

Offline

#17 2014-07-27 19:19:29

klausenbusk
Member
Registered: 2012-08-04
Posts: 16

Re: [SOLVED] Weird processes

I also got this.. I'm not sure how I got it.. The first files are from 10 Jan 2014.. I use /etc/iptables/simple_firewall.rules, and only disable the firewall and start ssh when I need to transfer files, and that is always behind NAT. My root wasn't disabled and sshd did allow root login. But I think the root user has only been enabled for like < 1 month (passwd -l root).

[kristian@arch-hp-laptop etc]$ ls -l | grep -- "-rwsrwsrwt" 
-rwsrwsrwt 1 root root    487664 29 nov  2013 dsfrefr
-rwsrwsrwt 1 root root    487672 20 jul 08:52 ferwfrre
-rwsrwsrwt 1 root root    487672 29 nov  2013 gfhddsfew
-rwsrwsrwt 1 root root    487664 31 jan 14:06 gfhjrtfyhuf
-rwsrwsrwt 1 root root   1521642 16 jun 18:44 nhgbhhj
-rwsrwsrwt 1 root root    487664 10 jan  2014 sdmfdsfhjfe
-rwsrwsrwt 1 root root   1135000 27 jul 00:01 sfewfesfs
[kristian@arch-hp-laptop etc]$ md5sum dsfrefr ferwfrre gfhddsfew gfhjrtfyhuf nhgbhhj sdmfdsfhjfe sfewfesfs
eb234cee4ff769f2b38129bc164809d2  dsfrefr
a0a58f8a44b22d551a620b5b0ef34684  ferwfrre
0c1cac2a019aa1cc2dcc0d3b17fc4477  gfhddsfew
8cdb7abd20cf64764812cfccc90cb3dc  gfhjrtfyhuf
d40f01329107e2ed1535d3b2e9ed1ed9  nhgbhhj
9151edcd6845b8aeae7fba1315572f01  sdmfdsfhjfe
b7765076af036583fc81a50bd0b2a663  sfewfesfs
[kristian@arch-hp-laptop etc]$ md5sum ssh/sshpa
d40f01329107e2ed1535d3b2e9ed1ed9  ssh/sshpa

Edit: I'm stupid :( Started SSHD without a firewall with a public IP..

jul 26 20:23:33 arch-hp-laptop sshd[3955]: Accepted password for root from 61.174.51.217 port 36585 ssh2

Last edited by klausenbusk (2014-07-27 19:38:38)

Offline
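
The manual check in the post above (`ls -l | grep -- "-rwsrwsrwt"` followed by `md5sum`) as a repeatable sweep that also groups identical files stored under different names. This is an added example and not part of the thread; it uses sha256sum in place of md5sum, the function names are hypothetical, and the files are constructed in a temporary directory.

```shell
# Added example, not from the thread. The directory tree is constructed in a
# temporary location; nothing outside it is touched.

build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ssh"
    printf 'payload-one' > "$d/dropped1"
    printf 'payload-one' > "$d/ssh/dropped2"     # same content, different name
    printf 'payload-two' > "$d/dropped3"
    printf 'ordinary file' > "$d/hosts"
    chmod 7777 "$d/dropped1" "$d/ssh/dropped2" "$d/dropped3"   # -rwsrwsrwt
    chmod 644 "$d/hosts"
    printf '%s\n' "$d"
}

# List "hash  path" for regular files that are both setuid and world-writable.
# -perm -4002 requires both bits, so it matches mode 7777 (-rwsrwsrwt) too.
find_suid_world_writable() {
    find "$1" -xdev -type f -perm -4002 -exec sha256sum {} + 2>/dev/null |
        LC_ALL=C sort
}

# From sorted "hash  path" lines, print one line per hash that occurs more
# than once, listing every path that carries that content.
duplicate_payloads() {
    awk '
        { h = $1; p = substr($0, 67) }      # 64 hex digits + 2 separator chars
        h != prev { if (n > 1) print grp; prev = h; grp = p; n = 1; next }
        { grp = grp " " p; n++ }
        END { if (n > 1) print grp }
    '
}

demo=$(build_demo_tree)
find_suid_world_writable "$demo"
echo "same content under several names:"
find_suid_world_writable "$demo" | duplicate_payloads
rm -rf "$demo"
```

On Arch, `pacman -Qo <path>` then tells whether any installed package owns a reported file.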

#18 2014-07-28 19:58:38

sakishrist
Member
Registered: 2012-03-04
Posts: 42

Re: [SOLVED] Weird processes

Ouch! Hope you have a recent backup!

Offline
