0

UPDATE (7th Dec 2010) & WARNING: I copied the files discussed below (from the /var/tmp/vi.recover directory) to my Windows PC and sacnned with ESET NOD 32. It identifed two of the file (sshd: and juno) as the Linux/RST.B virus. Not sure if it is accurate in saying that but since the machine is a development server I'm going to re-build to be safe.

Hi,

I am getting the following in my cron log file (/var/log/cron) every minute...

Dec  2 12:23:01 ocalhost CROND[3189]: (apache) CMD (/var/tmp/vi.recover/update >/dev/null 2>&1)
Dec  2 12:24:01 ocalhost CROND[3200]: (apache) CMD (/var/tmp/vi.recover/update >/dev/null 2>&1)
Dec  2 12:25:01 ocalhost CROND[3210]: (apache) CMD (/var/tmp/vi.recover/update >/dev/null 2>&1)
Dec  2 12:26:01 ocalhost CROND[3218]: (apache) CMD (/var/tmp/vi.recover/update >/dev/null 2>&1)

Can anyone explain what they are?

I asume they are to do with recovering edits when Vi sessions are aborted. But, I don't understand why they are triggering every minute.

I also cannot find where this command appears in any of my cron files so cannot disable it.

Giacomo1968
  • 3,542
  • 27
  • 38
columbo
  • 219
  • 2
  • 12

1 Answers1

2

I've got the same thing. If you have root access, go to /var/spool/cron and check the files there. You'll probably find something like:

* * * * * /var/tmp/vi.recover/update >/dev/null 2>&1

In my case, it's in Apache's cron file. My symptom is that every time it runs, it spawns a sshd: process.

Giacomo1968
  • 3,542
  • 27
  • 38
Robert
  • 36
  • 1
  • Thanks alot! Yes mine spawns an sshd process each time to which I think is making my slab and buffer memory gradually creep up until it crashes the computer. I'm going to stop the blighter and see what happens. – columbo Dec 06 '10 at 11:50
  • If I had enough reputation I would have 'voted you up', I've been looking for that for ages. – columbo Dec 06 '10 at 11:51
  • The weird thing is for me that the sshd process it spawns is actually called sshd: and is located in the /var/tmp/vi.recover directory. I think it's not the proper sshd executable. I don't know how it got there but surely sshd has nothing to do with Vi's temorary recovery files. It's slightly worrying as there's other stuff in /var/tmp/vi.recover as well such as one called 'stealth' and 'juno' and 'kswap'. It's a development server so might rebuild. – columbo Dec 06 '10 at 12:16
  • If anyone reads this later. My problem was a cron job for the 'apache' user. As root user I did a 'sudo -u apache contab -e' and removed the job that looked like this: * * * * * /var/tmp/vi.recover/update >/dev/null 2>&1. I then rebooted and so far so good. I don't know what the cron job was for or how it got there. – columbo Dec 06 '10 at 17:00
  • Robert, if you see this please see my edit right at the top of my original question. I'm being told by my AV that I may have a virus so I would check for this on your machine as well. – columbo Dec 07 '10 at 09:36