Hi John, John Ryan <jvryan@gmail.com> wrote :
Today, after booting up, I noticed that performance was slow, so I ran "top" and saw that user "nobody" was running a "find". I killed it immediately.
Do not do this again, please.
Who is this user?
A system user.
Is this normal, or do I have an intruder? If so, how should I proceed?
Absolutely normal, because "nobody" starts a process for indexing the contents of your harddrives. If you open up a console and do a "locate $whatever" or "find $whatever" this goes faster. "nobody" does this with invoking an "updatedb"-process and depending on the environment of the system this can dramatically slow down the system. Normally this process is "cron"ed to sometime at night, but if the system power is off, the "updatedb"-process is starting some minutes after the system is powered on. For more info: man updatedb bis dahin - kind regards Martin Mewes -- Member of the Webmin Translation Team http://www.webmin.com/ http://webmin.mamemu.de/ Debian, SuSE, Securityfocus and Webmin - Mailinglist mboxes http://www.mewes.tv/mbox/