There are some strange processes in the customized Linux system?
I am customizing a Linux real-time system using the Linux 6.4.0 kernel and patch-6.4.6-rt8 patch.
I don’t know why, when I was executing top, I found these strange processes, such as #1 and #2, and their number showed an increasing trend. I searched with grep "head -v -n 8" / -r, but I couldn’t find any related files.
#1
sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
#2
head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname
top:
#top
CPU: 0.4% usr 0.4% sys 0.0% nic 99.0% idle 0.0% io 0.0% irq 0.0% sirq
Load average: 0.60 0.95 1.15 3/144 2667
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
285 279 root S 3748 0.0 3 0.0 dropbear
30677 279 root S 3492 0.0 0 0.0 dropbear
30761 30709 root R 2580 0.0 1 0.0 top
1321 30677 root S 2580 0.0 3 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
2612 285 root S 2580 0.0 0 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
39 2 root SW 0 0.0 2 0.0 [ksoftirqd/2]
38 2 root SW 0 0.0 2 0.0 [ktimers/2]
19 2 root SW 0 0.0 0 0.0 [rcuc/0]
17 2 root IW 0 0.0 2 0.0 [rcu_preempt]
69 2 root IW 0 0.0 2 0.0 [kworker/2:1-eve]
230 1 root S 3920 0.0 3 0.0 /usr/sbin/plymouthd --mode=boot --attach-to-session --pid-file=/run/plymouth/pid
30708 279 root S 3056 0.0 3 0.0 dropbear
279 1 root S 3056 0.0 2 0.0 dropbear
29321 286 root S 2996 0.0 0 0.0 grep head -v -n 8 / -r
567 285 root S 2580 0.0 2 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
1 0 root S 2580 0.0 0 0.0 init
26445 285 root S 2580 0.0 2 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
325 30677 root S 2580 0.0 2 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32339 30677 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
31760 30677 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32191 285 root S 2580 0.0 0 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32752 285 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
1260 285 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
28728 285 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
31494 285 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
289 285 root S 2580 0.0 2 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
28446 285 root S 2580 0.0 2 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
286 285 root S 2580 0.0 0 0.0 -sh
30210 285 root S 2580 0.0 3 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
30806 285 root S 2580 0.0 1 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
30712 30677 root S 2580 0.0 0 0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
282 1 root S 2580 0.0 0 0.0 -/bin/sh
1175 31760 root S 2580 0.0 3 0.0 tail -v -n 16 /proc/net/dev
1230 289 root S 2580 0.0 3 0.0 head -v -n 8 /proc/meminfo
1653 32339 root S 2580 0.0 0 0.0 tail -v -n 16 /proc/net/dev
1780 32752 root S 2580 0.0 2 0.0 head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname
2311 1260 root S 2580 0.0 3 0.0 head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname
add tree:
#pstree
init-+-dropbear-+-dropbear-+-sh---grep
| | |-8*[sh---head]
| | |-5*[sh]
| | `-sh---tail
| |-dropbear-+-3*[sh]
| | |-2*[sh---head]
| | |-3*[sh---tail]
| | `-sh---pstree
| `-dropbear
|-plymouthd
`-sh
MobaXterm: [screenshots #m1 to #m5]
Someone (or some automation) is logged into your system, using SSH, and is running those commands. The commands you highlighted are benign; they’re the kind of commands someone would run to keep an eye on memory usage on the system.
In your case, they’re commands run by MobaXterm for its “remote monitoring” feature. If you disable that, you should no longer see them.
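One way to confirm that attribution on a BusyBox-style system without pstree, as an added example that is not part of the original question or answer: a POSIX sh walk over `/proc/<pid>/stat` that follows parent links from an unfamiliar process up to the SSH daemon serving its session. `PROC_ROOT` and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: tie an unfamiliar process to the SSH session that spawned it.
# PROC_ROOT is an assumption of this example (defaults to the live /proc) so
# the same walk can be run against a constructed tree.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print "ppid comm" for one PID. A stat line reads "pid (comm) state ppid ...";
# comm may itself contain spaces or ")", so split on the last ") ".
stat_of() {
    line=$(cat "$PROC_ROOT/$1/stat" 2>/dev/null) || return 1
    comm=${line#*\(}; comm=${comm%\)*}
    rest=${line##*\) }
    set -- $rest                      # $1 = state, $2 = ppid
    echo "$2 $comm"
}

# Print the parent chain of PID as "pid:comm <- pid:comm <- ...".
ancestry() {
    pid=$1; chain=
    while [ "$pid" -gt 0 ] && info=$(stat_of "$pid"); do
        chain="$chain${chain:+ <- }$pid:${info#* }"
        pid=${info%% *}
    done
    echo "$chain"
}

# Print the PID of the nearest ancestor that is an SSH daemon (dropbear/sshd).
session_of() {
    pid=$1
    while [ "$pid" -gt 0 ] && info=$(stat_of "$pid"); do
        case ${info#* } in dropbear|sshd) echo "$pid"; return 0 ;; esac
        pid=${info%% *}
    done
    return 1
}

# List every PID served by the same SSH daemon process as PID.
session_peers() {
    want=$(session_of "$1") || return 1
    out=
    for d in "$PROC_ROOT"/[0-9]*; do
        p=${d##*/}
        if [ "$p" != "$want" ] && [ "$(session_of "$p")" = "$want" ]; then
            out="$out $p"
        fi
    done
    echo "${out# }"
}

if [ $# -gt 0 ]; then ancestry "$1"; session_peers "$1"; fi
```

Run against the process table shown in the question, PID 1230 (`head`) resolves through 289 (`sh`) to dropbear 285, the same daemon that is the parent of the interactive login shell 286.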