-:() Process

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I am currenlty showing a process when doing a ps -ef on my system I
receive a process listed as -:(). I killed the process and it logged of
my system. Have I been compromised? I tried searching on this process
and did not get any responses back.

Re: -:() Process

Quoted text here. Click to load it

You probably are seeing the process with the name "-:0", which is a zero
at the end, instead of parentheses.  If that's the case, then everything
is alright, because that's just the command line name of your X server
process.  You can easily check that.  See the output of "ps -ef", and
grab the PID of the process.  Then do "ps c -ef" to see the binary name
of all processes and check that the PID actually belongs to a process
called just 'X'.

To explain that:  The dash ('-') at the beginning means that this is
your login process, i.e. the one process started at login time.  It
shouldn't be, but on some systems, X is the login shell for some or all
users.  Otherwise and much more likely, it just may be that your display
manager (XDM, GDM, KDM, ...) started your X server that way.  The ":0"
at the end means that the X server is running on display 0 (zero),
i.e. the first virtual terminal, which X can or should use.  If you have
multiple X sessions running, the other sessions will have different
display numbers like ":1".


Re: -:() Process

Ertugrul Soeylemez wrote:
Quoted text here. Click to load it

Thanks for not blasting me I am new to Linux security. Thanks for the
useful information

Re: -:() Process

Quoted text here. Click to load it

Are you sure it's not "-:0" ?

That's part of how X communicates with its various pieces. If you kill
it, you kill your X server and thus are logged out when a new X server
process is spawned by init.

If you have more than one X display running, you'll probably see "-:1"
and "-:2" and so on for each display screen.


John (john@os2.dhs.org)

Re: -:() Process

John Thompson wrote:
Quoted text here. Click to load it

Thanks for the help.

Site Timeline