Question

Suspicious Process Running Under User "Nobody"?

I have WHM / cPanel installed on a CentOS droplet, and I have also configured the CSF firewall. I’m getting logs saying that there are suspicious processes running under user “Nobody” which seem to be DigitalOcean-related. Is there anything I should do or should I just ignore it? Example logs:

```
Time:    Thu Aug 10 16:24:42 2017 -0700
PID:     953 (Parent PID:953)
Account: nobody
Uptime:  61533 seconds

Executable:

/opt/digitalocean/bin/do-agent

Command Line (often faked in exploits):

/opt/digitalocean/bin/do-agent -log_syslog

Network connections by the process (if any):

tcp: MY SERVER IP -> 151.101.129.7:443

Files open by the process (if any):

/dev/null
anon_inode:[eventpoll]
/run/digitalocean-agent/tufLocalStore
/dev/urandom

Memory maps by the process (if any):

00400000-006b1000 r-xp 00000000 fd:01 529648 /opt/digitalocean/bin/do-agent
006b1000-008b4000 r--p 002b1000 fd:01 529648 /opt/digitalocean/bin/do-agent
008b4000-008e5000 rw-p 004b4000 fd:01 529648 /opt/digitalocean/bin/do-agent
008e5000-00908000 rw-p 00000000 00:00 0
00b3b000-00b5c000 rw-p 00000000 00:00 0 [heap]
c000000000-c000002000 rw-p 00000000 00:00 0
c41ffd0000-c420200000 rw-p 00000000 00:00 0 [stack:28837]
c420200000-c420600000 rw-p 00000000 00:00 0
7f20d8000000-7f20d8021000 rw-p 00000000 00:00 0
7f20d8021000-7f20dc000000 ---p 00000000 00:00 0
7f20e0000000-7f20e0021000 rw-p 00000000 00:00 0
7f20e0021000-7f20e4000000 ---p 00000000 00:00 0
7f20e6028000-7f20e6029000 ---p 00000000 00:00 0
7f20e6029000-7f20e6989000 rw-p 00000000 00:00 0
7f20e6989000-7f20e698a000 ---p 00000000 00:00 0
7f20e698a000-7f20e718a000 rw-p 00000000 00:00 0 [stack:994]
```


do-agent logs fun things like CPU usage, network input/output, and IO usage for the usage panel for your droplet.
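
The alert in the question labels the command line as "often faked", so one triage step is to check whether it agrees with the kernel-maintained `/proc/PID/exe` link and the mapped code segments. The sketch below is an added example, not part of the original thread and not code from CSF or do-agent; the function names, the world-writable directory list and the second sample are assumptions constructed for illustration.

```python
import os
import sys

DELETED = " (deleted)"  # suffix the kernel appends when the file is unlinked
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed policy, adjust per host

def _clean(path):
    return path[:-len(DELETED)] if path.endswith(DELETED) else path

def triage(exe, cmdline, maps_text):
    """Return findings for one process; an empty list means the fields agree."""
    findings = []
    if exe.endswith(DELETED):
        findings.append("binary was removed from disk after the process started")
    exe = _clean(exe)
    if exe.startswith(WRITABLE_DIRS):
        findings.append("binary runs from a world-writable directory")
    argv = cmdline.split()
    # argv[0] is set by the process itself, so a mismatch is a lead, not proof.
    if not argv or argv[0] != exe:
        findings.append("argv[0] differs from the kernel-reported executable")
    # /proc/PID/maps columns: address perms offset dev inode [path]
    mapped_code = set()
    for line in maps_text.splitlines():
        f = line.split(None, 5)
        if len(f) == 6 and "x" in f[1] and f[5].startswith("/"):
            mapped_code.add(_clean(f[5].rstrip()))
    if exe not in mapped_code:
        findings.append("executable is not among the mapped code segments")
    return findings

def read_proc(pid, root="/proc"):
    """Collect the same three fields from a live process (root needed for other users)."""
    base = os.path.join(root, str(pid))
    with open(os.path.join(base, "cmdline"), "rb") as fh:
        cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace")
    with open(os.path.join(base, "maps")) as fh:
        return os.readlink(os.path.join(base, "exe")), cmdline, fh.read()

# First three map lines of the alert quoted in the question.
ALERT_MAPS = """00400000-006b1000 r-xp 00000000 fd:01 529648 /opt/digitalocean/bin/do-agent
006b1000-008b4000 r--p 002b1000 fd:01 529648 /opt/digitalocean/bin/do-agent
008b4000-008e5000 rw-p 004b4000 fd:01 529648 /opt/digitalocean/bin/do-agent"""
# Constructed counter-example: same command line, different backing file.
SPOOF_MAPS = "00400000-006b1000 r-xp 00000000 fd:01 1234 /tmp/.x (deleted)"

if __name__ == "__main__" and len(sys.argv) > 1:
    print(triage(*read_proc(int(sys.argv[1]))) or "fields agree")
```

Run with a PID as the only argument to check a live process; for the alert in the question, the three fields agree.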