Rocketchat-server proces running on my Ubuntu 20.04 server?? (NEVER INSTALLED)
node /snap/rocketchat-server/1455/main.js is running on my ubuntu server when I issue htop command, I never installed it, didn't know what it was and am never gonna use it.
It's using 7% of my memory.
Edit: I also see nextcloud and sabnzbd in the list
I want to delete it but how?
HTop screenshot showing the running process(es):
2 Answers
SOMEONE installed rocketchat-server on your system via snaps. Likely the same with the other ones as well, which means that if YOU didn't do it another sysadmin of your box did (and if there's no other admins on your machine, then you can assume the system is compromised)
You can purge these with sudo snap remove rocketchat-server nextcloud sabnzbd
I would then suggest you start a heavy audit of your system and assume it's been compromised. Get any data you want off the system (so you can restore it later), then nuke the system and reinstall cleanly and harden the server before restoring your data.
Start with these hardening steps:
- DO NOT allow PasswordAuthentication on SSH ports
- Set up a firewall to block access to ports from the outside
- ONLY use SSH key authentication to SSH into your system
- Set up
fail2ban - DO NOT give any users
sudopermissions if there's multiple users on the system.
Allright guys,
So thank you for all the the answers, but somehow I think I accidentally installed these snaps on installation! Because the server is fairly fresh, practically nothing was running on it aside for a Local/Github webdev environment. Check the picture, it might just be I got it with installation.
Grtz Mex
