LFD - Suspicious process running under user postgres

Post by eventtex »

Hello,

I come to you because I received several notification emails from my VPS server entitled: LFD - Suspicious process running under user postgres

Here is the content of the email:

Code: Select all

Time: Sun May 29 11:00:57 2022 +0200
PID: 12692 (Parent PID:12686)
Account: postgres
Uptime: 801371 seconds


Executable:

/usr/pgsql-10/bin/postgres


Command Line (often faked in exploits):

postgres: wal writer process


Network connections by the process (if any):

udp6: 0:0:0:0:0:0:0:1:52577 -> 0:0:0:0:0:0:0:1:52577


Files open by the process (if any):

/dev/null
/var/lib/pgsql/10/data/pg_wal/000000010000000000000001
anon_inode:[eventpoll]


Memory maps by the process (if any):

I wanted to have your opinion on this subject to know if I should take this alert into account or not?

Is there a risk that I have a malicious file?

I looked at the processes that are running and I didn't notice anything.

Thanks for your help.
Julian

Re: LFD - Suspicious process running under user postgres

Post by Sergio »

It seems that you need to add this line to csf.pignore:

Code: Select all

exe: /usr/pgsql-10/bin/postgres

That will get rid of the alert that you are receiving.
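
A triage check for alerts in the format quoted in the first post, added here as an example (not code from CSF/LFD or from either poster): it judges the executable path and network peers rather than the command line, which the alert itself labels as often faked, and only proposes a csf.pignore entry when nothing needs review. The function names, the `RISKY_DIRS` list and the sample text are assumptions constructed for the example.

```python
import ipaddress
import re
# Constructed sample: leading fields of the alert quoted in the thread (maps omitted).
SAMPLE_ALERT = """\
Account: postgres

Executable:

/usr/pgsql-10/bin/postgres

Command Line (often faked in exploits):

postgres: wal writer process

Network connections by the process (if any):

udp6: 0:0:0:0:0:0:0:1:52577 -> 0:0:0:0:0:0:0:1:52577
"""

SECTION = re.compile(r"^(Executable|Command Line|Network connections|Files open|Memory maps)\b.*:$")
RISKY_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumption: world-writable paths worth flagging

def parse_alert(text):
    """Split an LFD process alert into {header or section name: [value lines]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
        elif ":" in line:
            key, value = line.split(":", 1)
            sections[key] = [value.strip()]
    return sections

def triage(text):
    """Return (findings, pignore_line); the command line is never used as evidence.

    pignore_line uses the documented csf.pignore form exe:/full/path and is None
    whenever a finding needs review first.
    """
    s = parse_alert(text)
    exe = (s.get("Executable") or [""])[0]
    findings = []
    if not exe.startswith("/") or exe.endswith("(deleted)"):
        findings.append("executable not an absolute path or deleted from disk: %r" % exe)
    if exe.startswith(RISKY_DIRS):
        findings.append("executable runs from a world-writable directory: " + exe)
    for conn in s.get("Network connections", []):
        host = conn.split("->")[-1].strip().rsplit(":", 1)[0]
        try:
            if not ipaddress.ip_address(host).is_loopback:
                findings.append("connection not confined to loopback: " + conn)
        except ValueError:
            findings.append("unparsed connection line: " + conn)
    return findings, (None if findings else "exe:" + exe)
```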