[asterisk-users] Strange Issue: asterisk deleted
Chad Wallace
cwallace at lodgingcompany.com
Wed Nov 26 16:54:27 CST 2014
On Wed, 26 Nov 2014 22:08:05 +0200
Antoine Megalla <aatef at rocketmail.com> wrote:
> I looked for asterisk in /usr/sbin using the commands ls and find and
> whereis and it was not there.
>
> I know that the process is killed because when I start asterisk using
> the command asterisk -vvvvc it starts and then it exits and the word
> killed is wrote on the console.
>
> Ever time I copy a new executable to /usr/sbin either using cp
> command or make install it gets deleted too.
>
> Now I used the strace command on asterisk and I can clearly see at
> the end of the strace the line : killed by SIGKILL This means that
> something or someone is actually and purposely killing asterisk but I
> do not know what or who is doing that also I know that I am the only
> user on the system.
I don't know if there's any way to see where the signal comes from.
But I think it would have to be another process. Is this a hosted
machine? Could it be that your hosting provider doesn't allow
asterisk? This would be a good way to enforce that rule. Otherwise,
it could be a root kit or a virus.
Or it could be that you (or someone else) wanted to make sure asterisk
wasn't running at some point and left "while true; do killall -9
asterisk; done" running in a shell, and forgot about it.
You can list all the processes with the command "ps -ef"
And to see if anyone else (or yourself) is logged in, run "w". That
will show every individual session and where they're connected from.
--
C. Chad Wallace, B.Sc.
The Lodging Company
http://www.lodgingcompany.com/
OpenPGP Public Key ID: 0x262208A0
More information about the asterisk-users
mailing list