unknown process kdevtmpfsi is taking more cpu


Avinash Tripathy
Hi,

Based on the official image we have made the docker setup in our server. But after starting docker-compose.yml, there is one unknown process called "kdevtmpfsi" that is taking more CPU.


flink version: 1.11.2

Any idea about the above-mentioned process?

--
Thanks,
Avinash

Re: unknown process kdevtmpfsi is taking more cpu

Chesnay Schepler
What modifications have you made to the docker file?
Are you using redis by any chance?

On 11/2/2020 1:20 PM, Avinash Tripathy wrote:
Hi,

Based on the official image we have made the docker setup in our server. But after starting docker-compose.yml, there is one unknown process called "kdevtmpfsi" that is taking more CPU.


flink version: 1.11.2

Any idea about the above-mentioned process?

--
Thanks,
Avinash



Re: unknown process kdevtmpfsi is taking more cpu

Avinash Tripathy
No, I didn't modify anything in the docker file. Also, we are not using redis.

On Mon, Nov 2, 2020 at 6:09 PM Chesnay Schepler <[hidden email]> wrote:
What modifications have you made to the docker file?
Are you using redis by any chance?

--
Thanks,
Avinash

Re: unknown process kdevtmpfsi is taking more cpu

Chesnay Schepler
I could not find any traces of kdevtmpfsi in our official docker image.

The only references I could find on the web for kdevtmpfsi are that it is some form of bitcoin malware, commonly associated with redis.
I do not believe that this was introduced by Flink, and would currently conclude that either something in your environment is infected, or it was introduced after the container was started.
Does it show up immediately after starting the container?

There are several guides online for how to remove said process, here's one for good measure.

On 11/2/2020 1:42 PM, Avinash Tripathy wrote:
No, I didn't modify anything in the docker file. Also, we are not using redis.

Re: unknown process kdevtmpfsi is taking more cpu

Avinash Tripathy
No, not immediately. After running the container for some minutes.

I am aware of the link which is provided by you. But we don't have redis configured on that particular server itself.

On Mon, Nov 2, 2020 at 6:48 PM Chesnay Schepler <[hidden email]> wrote:
I could not find any traces of kdevtmpfsi in our official docker image.

The only references I could find on the web for kdevtmpfsi are that it is some form of bitcoin malware, commonly associated with redis.
I do not believe that this was introduced by Flink, and would currently conclude that either something in your environment is infected, or it was introduced after the container was started.
Does it show up immediately after starting the container?

There are several guides online for how to remove said process, here's one for good measure.

--
Thanks,
Avinash

Re: unknown process kdevtmpfsi is taking more cpu

Chesnay Schepler

As far as I understand this issue is only common with Redis because Redis is common and allows remote code execution; it's not really specific to Redis in that sense; I've found similar articles for Apache Solr.

If the Flink cluster were accessible from the outside, then the same thing might happen. Maybe check the logs to see whether any unexpected job submissions have been attempted.

Beyond that, I'm not sure how to help you. Somehow somewhere a process gets in, but unless this can be reproduced in a clean environment with only the Flink image running, then I don't believe this is an issue with Flink but your typical network security stuff.


On 11/3/2020 6:13 AM, Avinash Tripathy wrote:
No, not immediately. After running the container for some minutes.

I am aware of the link which is provided by you. But we don't have redis configured on that particular server itself.
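
The log check suggested in the last reply, sketched as an added example that is not part of the original thread and is not Flink project code: it scans JobManager log lines for job submissions and reports any whose job name is not on a list of jobs you expect. The log line layout, the dispatcher message wording, the sample lines and the job names are assumptions constructed for illustration; adjust the pattern to the log format of your own deployment.

```python
import re

# Assumed layout of a JobManager log line and of the dispatcher's submission
# messages; verify against your own log files before relying on it.
SUBMIT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}).*?"
    r"(?:Received JobGraph submission|Submitting job) "
    r"(?P<job_id>[0-9a-f]{32}) \((?P<name>.*)\)\.\s*$"
)

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
2020-11-02 12:01:10,512 INFO  org.apache.flink.runtime.dispatcher.StandaloneDispatcher [] - Received JobGraph submission 0123456789abcdef0123456789abcdef (orders-enrichment).
2020-11-02 12:01:10,530 INFO  org.apache.flink.runtime.dispatcher.StandaloneDispatcher [] - Submitting job 0123456789abcdef0123456789abcdef (orders-enrichment).
2020-11-02 12:14:47,903 INFO  org.apache.flink.runtime.dispatcher.StandaloneDispatcher [] - Received JobGraph submission fedcba9876543210fedcba9876543210 (a).
2020-11-02 12:14:47,921 INFO  org.apache.flink.runtime.dispatcher.StandaloneDispatcher [] - Submitting job fedcba9876543210fedcba9876543210 (a).
2020-11-02 12:14:49,004 INFO  org.apache.flink.runtime.jobmaster.JobMaster [] - Starting scheduling with scheduling strategy
""".splitlines()


def unexpected_submissions(log_lines, expected_names):
    """Return (timestamp, job_id, job_name) for each submitted job whose
    name is not in expected_names, in order of first appearance."""
    first_seen = {}
    for line in log_lines:
        m = SUBMIT_RE.match(line)
        if m is None:
            continue
        # A job can be logged more than once; keep only its first line.
        first_seen.setdefault(m["job_id"], (m["ts"], m["name"]))
    return [
        (ts, job_id, name)
        for job_id, (ts, name) in first_seen.items()
        if name not in expected_names
    ]


if __name__ == "__main__":
    # Hypothetical allow-list: the jobs this cluster is supposed to run.
    for ts, job_id, name in unexpected_submissions(SAMPLE_LOG, {"orders-enrichment"}):
        print(f"unexpected job submission at {ts}: {name!r} ({job_id})")
```

A submission that nobody on the team made is a strong sign that the cluster's REST or web port is reachable from outside, which is the scenario the last reply describes.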