I agree with Hans, did you turn on any monitoring programs? Stat gathering, big brother, hobbit, nagios, anything of this nature?

_____

From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Mark Phillips
Sent: Wednesday, July 29, 2009 9:59 AM
To: Main PLUG discussion list
Subject: Re: Is there an ntop virus for Linux?

On Wed, Jul 29, 2009 at 9:40 AM, Ryan Rix wrote:

> Mark Phillips wrote:
> > Whenever I start my Debian Lenny testing laptop a process called ntop starts
> > and quickly consumes 99% of my cpu. If I kill the process, nothing happens.
> > If I run ntop from the command line, it does what the man page says it does,
> > and hardly consumes any resources at all. There is an ntop in /etc/init.d/,
> > and when I run /etc/init.s/ntop it consumes very few resources - the script
> > calls /usr/sbin/ntop. There are no entries in the /var/log/ntop/access.log
> > file.
> >
> > My questions are:
> >
> > Do I have a virus masquerading as ntop, and if so how do I remove it? I
> > googled "linux ntop virus" and did not come up with anything useful.
> >
> > Can I just remove ntop from /etc/init.d/ ?
> >
> > How do I find out if another startup program needs ntop?
> >
> > Is ntop necessary at startup?
> >
>
> Are you monitoring your network usage? If not, probably safe to remove the /etc/rc.d/ hooks for it for the runlevel you are booting into.
>
> /etc/rc.d/rc5/XX-ntop <-- look for something like that if you are booting into runlevel 5 (full desktop)
>
> All in all, removing init.d scripts is a bad idea. If the init scripts in Debian use LSB, the headers will tell you which (if any) require ntop.
>
> Does ps -aux list any options for ntop when it's run from init?
>
> Ryan

Ryan,

I am not monitoring network usage. This weird behavior just started a week or so ago.

Here is what ps says when I start ntop:

narwhale:/home/mark# ps aux | grep ntop
ntop 10943 4.5 2.6 197824 27136 ? Ssl 09:49 0:00 /usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop --access-log-file /var/log/ntop/access.log -i eth0,eth1 -p /etc/ntop/protocol.list -O /var/log/ntop

I ran grep -nr "ntop" /etc/init.d and all references to ntop are from the ntop script, so I assume none of the other init.d scripts are calling ntop.

Any other thoughts, or should I just disable ntop from init.d:

update-rc.d -f ntop remove

Mark

P.S. Since I started ntop to check the output from ps, I let it run. And sure enough, after a few minutes, the fan started blowing hard and CPU usage went over 90% for ntop. Now I am really confused.... I guess the real question is why do I need ntop to start my laptop?
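
Added example, not part of the thread: one way to check the "masquerading as ntop" question is to compare each process's name with the binary its /proc/PID/exe link actually points at. The function names and the /proc-like sample tree are constructed for illustration; /usr/sbin/ntop and PID 10943 are taken from the ps output above, and PIDs 20001, 20002 and 300 are made up.

```shell
#!/bin/sh
# A process can set its own name (comm), but /proc/PID/exe is maintained by
# the kernel and shows which file is really being executed.

# exe_status PROCROOT PID EXPECTED
# Prints: match | mismatch:<path> | deleted:<path> | unreadable
exe_status() {
    # Reading another user's exe link needs root; a vanished PID also lands here.
    target=$(readlink "$1/$2/exe" 2>/dev/null) || { echo unreadable; return 0; }
    case "$target" in
        # Binary was unlinked after start: also seen after a package upgrade.
        *" (deleted)") echo "deleted:${target% (deleted)}" ;;
        "$3")          echo match ;;
        *)             echo "mismatch:$target" ;;
    esac
}

# audit_name NAME EXPECTED [PROCROOT]
# Prints one "PID STATUS" line for every process whose comm equals NAME.
audit_name() {
    root=${3:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ] || continue
        pid=${d##*/}
        echo "$pid $(exe_status "$root" "$pid" "$2")"
    done
}

# make_sample DIR: build a constructed /proc-like tree for offline testing.
make_sample() {
    mkdir -p "$1/10943" "$1/20001" "$1/20002" "$1/300"
    echo ntop > "$1/10943/comm"; ln -s /usr/sbin/ntop "$1/10943/exe"
    echo ntop > "$1/20001/comm"; ln -s /tmp/.cache/ntop "$1/20001/exe"
    echo ntop > "$1/20002/comm"; ln -s "/usr/sbin/ntop (deleted)" "$1/20002/exe"
    echo sshd > "$1/300/comm";   ln -s /usr/sbin/sshd "$1/300/exe"
}

# On a live system, as root:  audit_name ntop /usr/sbin/ntop
```

A "match" only says the process runs the file at the expected path; whether that file is the one the package shipped is a separate check against the package's recorded checksums.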