On my Debian server, I noticed that I have this up-to-date process that takes a lot of memory, and I don't know what it does.
So, using the top command, I get these processes:
top - 10:45:46 up 4 days, 20:26, 1 user, load average: 3,05, 3,43, 3,76
Tarefas: 132 total, 1 em exec., 131 dormindo, 0 parado, 0 zumbi
%Cpu(s): 0,1 us, 0,3 sy, 0,0 ni, 98,4 id, 1,1 wa, 0,0 hi, 0,2 si, 0,0 st
MB mem : 3910,7 total, 113,1 livre, 3674,4 usados, 123,2 buff/cache
MB swap: 976,0 total, 100,2 livre, 875,8 usados, 51,0 mem dispon.
PID USUARIO PR NI VIRT RES SHR S %CPU %MEM TEMPO+ COMANDO
574 lp 20 0 263,1g 3,1g 6052 S 2,3 81,5 246:15.66 up-to-date
153 root 0 -20 0 0 0 I 0,7 0,0 0:44.93 kworker/2:1H-kblockd
2948988 root 20 0 0 0 0 I 0,3 0,0 0:00.01 kworker/3:0-mm_percpu_wq
2949192 anderson 20 0 10292 3732 3192 R 0,3 0,1 0:00.03 top
1 root 20 0 166184 5528 3684 S 0,0 0,1 9:58.84 systemd
2 root 20 0 0 0 0 S 0,0 0,0 0:01.04 kthreadd
3 root 0 -20 0 0 0 I 0,0 0,0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0,0 0,0 0:00.00 rcu_par_gp
[...]
The up-to-date process is taking 80% of my memory. And it is started by the lp user, which is something from CUPS. After I stopped it, 5 minutes later it started again.
Looking in auth.log, I have these lines:
[...]
Apr 27 00:05:01 server CRON[1911653]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:05:01 server CRON[1911653]: pam_unix(cron:session): session closed for user lp
Apr 27 00:10:01 server CRON[1915848]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:10:01 server CRON[1915848]: pam_unix(cron:session): session closed for user lp
Apr 27 00:15:01 server CRON[1920754]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:15:01 server CRON[1920754]: pam_unix(cron:session): session closed for user lp
[...]
And in /var/tmp/ I have these files:
-rwx------ 1 lp lp 82M out 22 2024 up-to-date
-rwx------ 1 lp lp 250 out 23 2024 autorun.sh
drwx------ 3 root root 4,0K abr 25 14:19 systemd-private-xxxxxxxxxxxxxxxxxxx-systemd-logind.service-ggg
drwx------ 3 root root 4,0K abr 25 14:19 systemd-private-xxxxxxxxxxxxxxxxxxx-ModemManager.service-jjjj
drwx------ 3 root root 4,0K abr 25 14:19 systemd-private-xxxxxxxxxxxxxxxxxxx-ntp.service-hhhh
drwx------ 3 root root 4,0K abr 25 14:19 systemd-private-xxxxxxxxxxxxxxxxxxx-colord.service-ii
drwx------ 3 root root 4,0K abr 25 14:20 systemd-private-xxxxxxxxxxxxxxxxxxx-openvpn@client.service-wwww
On April 25th, my system became very slow because of this process.
In autorun.sh I have this script:
PROCESS_PATH="/var/tmp/up-to-date"
if ! pgrep -f "$PROCESS_PATH" > /dev/null; then
    echo "Process not running. Starting the process..."
    $PROCESS_PATH authtoken xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx &
else
    echo "Process is already running."
fi
I have searched for this process, but I didn't find anything about it. I just know that the lp user is something from CUPS.
Do you know what it can be?
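
The auth.log excerpt above shows cron opening a session for lp (uid 7) every five minutes. As an added example that is not part of the original post, this Python script flags that pattern in auth.log text: cron sessions opened for system accounts, with the dominant interval between runs. It assumes the line format shown in the post, treats UIDs 1 to 999 as system accounts (the Debian default UID_MIN of 1000), and takes the year as a parameter because syslog timestamps omit it; the function name and the `root` and `alice` sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: lp lines follow the post's excerpt, root/alice lines are invented.
SAMPLE_LOG = """\
Apr 27 00:05:01 server CRON[1911653]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:05:01 server CRON[1911653]: pam_unix(cron:session): session closed for user lp
Apr 27 00:10:01 server CRON[1915848]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:15:01 server CRON[1920754]: pam_unix(cron:session): session opened for user lp(uid=7) by (uid=0)
Apr 27 00:17:01 server CRON[1921001]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Apr 27 00:20:01 server CRON[1923002]: pam_unix(cron:session): session opened for user alice(uid=1000) by (uid=0)
"""

# Matches only "session opened" lines that carry the uid, as in the post's log.
OPENED = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ CRON\[\d+\]: "
    r"pam_unix\(cron:session\): session opened for user (\S+?)\(uid=(\d+)\)"
)

def cron_sessions_by_service_account(log_text, year=2024, uid_min=1000):
    """Return {user: {uid, sessions, interval_s}} for system accounts running cron jobs."""
    starts = defaultdict(list)
    for line in log_text.splitlines():
        m = OPENED.match(line)
        if not m:
            continue
        stamp, user, uid = m.group(1), m.group(2), int(m.group(3))
        # root (uid 0) and human accounts (uid >= uid_min) are expected to use cron.
        if 0 < uid < uid_min:
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            starts[(user, uid)].append(when)
    report = {}
    for (user, uid), times in starts.items():
        times.sort()
        gaps = Counter(int((b - a).total_seconds()) for a, b in zip(times, times[1:]))
        # Most frequent gap between runs; None when only one session was seen.
        interval = gaps.most_common(1)[0][0] if gaps else None
        report[user] = {"uid": uid, "sessions": len(times), "interval_s": interval}
    return report

if __name__ == "__main__":
    for user, info in cron_sessions_by_service_account(SAMPLE_LOG).items():
        print(f"{user} (uid {info['uid']}): {info['sessions']} cron sessions, "
              f"every {info['interval_s']} s")
```

An account reported here is a reason to read that user's crontab as root with `crontab -u <user> -l`; some service accounts legitimately run cron jobs, so the output is a list to review rather than a verdict.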