Hello,
Today CSF sent 3 emails in a row indicating "Excessive resource usage:…". I have gotten these 3 emails before in the past but I didn’t think much about it until now. Here are the email messages from CSF:

Time: Sat Feb 24 16:03:43 2024 -0500
Account: mainUser
Resource: Process Time
Exceeded: 1812 > 1800 (seconds)
Executable: /usr/bin/bash
Command Line: -bash
PID: 1044302 (Parent PID:1044301)
Killed: No

Time: Sat Feb 24 16:03:43 2024 -0500
Account: mainUser
Resource: Process Time
Exceeded: 1812 > 1800 (seconds)
Executable: /usr/lib/systemd/systemd
Command Line: (sd-pam)
PID: 1044295 (Parent PID:1044293)
Killed: No

Time: Sat Feb 24 16:03:43 2024 -0500
Account: mainUser
Resource: Process Time
Exceeded: 1812 > 1800 (seconds)
Executable: /usr/lib/systemd/systemd
Command Line: /usr/lib/systemd/systemd --user
PID: 1044293 (Parent PID:1044293)
Killed: No

After receiving these 3 emails, I decided to look into them to see if they’re normal or not. Come to find out, it seems (sd-pam) could be potential malware according to the following links:
https://forums.gentoo.org/viewtopic-t-1165677.html?sid=072c64c588404d0e47ee82f00e0aa883
It seems the malware is a cryptocurrency miner and more, and hides itself under (sd-pam). Since crypto miners use a system’s resources, my resources seem to be intact and I don’t see or have any odd usage of system resources thus far.
Has anyone else received such emails from CSF? If anyone has any info or insight on what it is and if there should be any concern, please feel free to write.
It’s possible in my case it’s a normal notice by CSF, but I’m not 100% sure. I have also run rkhunter and got clean results.
Thanks in advance!
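
Added example, not part of the original post: on a systemd host the per-user manager (`systemd --user`) forks a child that renames itself `(sd-pam)` to hold the PAM session, so this Python script parses alerts in the format quoted above and checks whether each `(sd-pam)` entry reports the systemd binary as its executable and a `systemd --user` process as its parent. The function names, the accepted binary paths and the third sample alert are assumptions made for this illustration.

```python
import re

# Constructed: two alerts abridged from the post, then a made-up third.
SAMPLE = """\
Executable: /usr/lib/systemd/systemd
Command Line: (sd-pam)
PID: 1044295 (Parent PID:1044293)
Executable: /usr/lib/systemd/systemd
Command Line: /usr/lib/systemd/systemd --user
PID: 1044293 (Parent PID:1044293)
Executable: /tmp/example/helper
Command Line: (sd-pam)
PID: 2000 (Parent PID:1)
"""

# Assumption: common install paths of the systemd binary; adjust per distro.
SYSTEMD_PATHS = {"/usr/lib/systemd/systemd", "/lib/systemd/systemd"}


def parse_alerts(text):
    """Split alert text into dicts; a repeated key starts the next alert."""
    alerts = [{}]
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key in alerts[-1]:
            alerts.append({})
        alerts[-1][key] = value
    for a in alerts:
        pids = re.findall(r"\d+", a.get("PID", ""))
        a["pid"], a["ppid"] = map(int, pids) if len(pids) == 2 else (None, None)
    return alerts


def triage(alerts):
    """Return {pid: verdict} for each alert whose command line is (sd-pam)."""
    managers = {a["pid"] for a in alerts if a.get("Executable") in SYSTEMD_PATHS
                and a.get("Command Line", "").endswith("systemd --user")}
    verdicts = {}
    for a in alerts:
        if a.get("Command Line") != "(sd-pam)":
            continue
        if a.get("Executable") not in SYSTEMD_PATHS:
            verdicts[a["pid"]] = "investigate: executable is not systemd"
        elif a["ppid"] not in managers:
            verdicts[a["pid"]] = "check parent: not a reported systemd --user"
        else:
            verdicts[a["pid"]] = "consistent with systemd's PAM helper"
    return verdicts
```

The verdict reflects only what the alert text reports; confirming the binary on disk, for example against the distribution's package checksums, is a separate step.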