[asterisk-users] Strange Issue: asterisk deleted

Chad Wallace cwallace at lodgingcompany.com
Wed Nov 26 16:54:27 CST 2014

On Wed, 26 Nov 2014 22:08:05 +0200
Antoine Megalla <aatef at rocketmail.com> wrote:

> I looked for asterisk in /usr/sbin using the commands ls and find and
> whereis and it was not there.
> I know that the process is killed because when I start asterisk using
> the command asterisk -vvvvc it starts and then it exits and the word
> killed is wrote on the console.
> Ever time I copy a new executable to /usr/sbin either using cp
> command or make install it gets deleted too.
> Now I used the strace command on asterisk and I can clearly see at
> the end of the strace the line : killed by SIGKILL This means that
> something or someone is actually and purposely killing asterisk but I
> do not know what or who is doing that also I know that I am the only
> user on the system.

I don't know if there's any way to see where the signal comes from.
But I think it would have to be another process.  Is this a hosted
machine?  Could it be that your hosting provider doesn't allow
asterisk?  This would be a good way to enforce that rule.  Otherwise,
it could be a root kit or a virus.

Or it could be that you (or someone else) wanted to make sure asterisk
wasn't running at some point and left "while true; do killall -9
asterisk; done" running in a shell, and forgot about it.

You can list all the processes with the command "ps -ef"

And to see if anyone else (or yourself) is logged in, run "w".  That
will show every individual session and where they're connected from.


C. Chad Wallace, B.Sc.
The Lodging Company
OpenPGP Public Key ID: 0x262208A0

More information about the asterisk-users mailing list