Why CSF Shows : Suspicious process running under user mysql


The body of the message is (server name changed below for security reasons):

Time: Wed Jun 3 09:04:59 2009 -0500
PID: 18678
Account: mysql
Uptime: 28843 seconds

Executable:

/usr/sbin/mysqld\004a261248\009BrIpQz (deleted)

The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.

Command Line (often faked in exploits):

/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/myserver.mydomain.net.pid --skip-external-locking --port=3306 --socket=/var/lib/mysql/mysql.sock

REMEDY: just restart the mysqld server, because it has been upgraded to a newer version by your server configuration. Read: http://forum.configserver.com/showthread.php?t=2059

I had the same issue after an SQL upgrade, did a full server restart, and it went away. If it appears or resurfaces again, then restarting mysqld is not a solution. See what is eating up mysql.

mysqladmin proc stat
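
To check which processes are still running a deleted executable after an upgrade (the condition the PT_DELETED alert above reports), the following is an added example, not part of the original post or of CSF. It assumes a Linux /proc layout and GNU stat; the function name scan_deleted_exe is hypothetical. It prints the kernel-reported executable next to the process-supplied command line, since the alert notes the latter can be faked.

```shell
#!/bin/sh
# Added example: list processes whose on-disk executable has been deleted,
# i.e. the condition lfd reports as "running an executable file that has
# been deleted". scan_deleted_exe is a hypothetical helper name.
# Output columns (tab-separated): PID, owner, exe link target, command line.
# The proc root is a parameter so the function can be run on a test tree.
scan_deleted_exe() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue

        # /proc/PID/exe is maintained by the kernel; once the binary is
        # unlinked or replaced, the link target ends in " (deleted)".
        # Kernel threads and vanished processes have no readable link.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)") ;;
            *) continue ;;
        esac

        pid=${dir##*/}

        # The /proc/PID directory is owned by the user the process runs as.
        owner=$(stat -c %U "$dir" 2>/dev/null || echo unknown)

        # cmdline is NUL-separated and written by the process itself, so it
        # is informational only; trust the exe link over this field.
        cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || cmd=""

        printf '%s\t%s\t%s\t%s\n' "$pid" "$owner" "$target" "$cmd"
    done
)

# Scan the live system. Run as root to see processes of every account.
scan_deleted_exe /proc
```

A process that still appears in this list after its service has been restarted is the case where the upgrade explanation no longer applies and the process needs a closer look.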