Source of long running find process on server

Question

I'm wondering where a long running find process on my ubuntu linux server (14.04 LTS) came from and what the meaning of it is. Here is the output of ps:

16915 ?        SN    32:41 /usr/bin/find /tmp /var/tmp -type f -exec head -n 1 {} ;

According to top this causes quite some CPU load. As far as I understand it, it checks the first line of every file in /var/tmp and /tmp with head - so it does nothing besides causing load?

Can anybody tell me what this process is supposed to do and where it might come from? And, if not needed, how I can get rid of it? I killed it once, but it reappeared.

EDIT: The server is used as a web server with PHP, MySQL, Varnish - if you need to know more about the installed software, let me know.

Thanks!

Thanks! Stupid me, this was an easy one. Parent seems to be `/usr/sbin/chkrootkit -q` - so I guess, everything is fine then. Will add the details as an answer. — Michael Helwig, Jan 06 '16 at 10:42

score 2 · Answer 1 · answered Jan 06 '16 at 10:45

2

Thanks to "embedded" I checked the parent of the process via

cat /proc/[PID]/status | grep PPid

and it turns out that its parent was

/bin/sh /usr/sbin/chkrootkit -q

So everything seems fine.

answered Jan 06 '16 at 10:45

Michael Helwig

123
6

1

See also `pstree` and `ps auxfw` for showing visual process tree with parent/child relations. – Dominik R Jan 06 '16 at 11:49

Source of long running find process on server

1 Answers1