At startup I noticed my machine was under heavy load.
Opened up a terminal and top to find a process running the command find under user nobody that was using 90%+ of my memory.
I killed it immediately.
Has my machine been compromised? How can I tell?
Could this be related to this cron job?
$ grep nobody /etc/cron.daily/*
/etc/cron.daily/locate:LOCALUSER="nobody"
Yes. The locate command needs a list of all non-temporary files on your system, and that list is built by updatedb. updatedb skips directories that in its configuration are designated as being temporary. Would you happen to have temporary files that are never cleaned in a special location? Oracle, e.g., amuses itself by leaving temporary files all over your filesystem. If specific directories should be skipped, add them to updatedb's configuration (updatedb.conf).
Another problem could be a "filesystem loop", when the find started by updatedb gets in a recursive loop.
If your memory use was the filesystem cache, it should not harm your system, even if some monitoring systems would tell you it's under heavy load. Why shouldn't you use all your memory, as long as it is freed when necessary?
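
One way to check the link to the cron job discussed above, as an added example that is not part of the original question or answer: walk the parent chain of each find process owned by nobody and see whether it descends from /etc/cron.daily/locate or updatedb. The process listing is a constructed sample, and the function names (ancestry, classify, report) are hypothetical.

```shell
# Constructed sample of `ps -eo pid,ppid,user,args` output (not from the post).
SAMPLE_PS='  PID  PPID USER     COMMAND
    1     0 root     /sbin/init
  412     1 root     /usr/sbin/cron
 2103   412 root     run-parts /etc/cron.daily
 2110  2103 root     /bin/sh /etc/cron.daily/locate
 2115  2110 nobody   /bin/sh /usr/bin/updatedb
 2120  2115 nobody   find / -print0
 3301     1 nobody   find / -type f'

# Print the chain "pid user args" from PID $1 up to init (child first), reading
# a ps listing on stdin. Stops at a missing parent or a PID already visited.
ancestry() {
    awk -v pid="$1" '
        NR > 1 {
            ppid[$1] = $2; user[$1] = $3
            cmd = $4; for (i = 5; i <= NF; i++) cmd = cmd " " $i
            args[$1] = cmd
        }
        END {
            while ((pid in ppid) && !(pid in seen)) {
                seen[pid] = 1
                printf "%s %s %s\n", pid, user[pid], args[pid]
                pid = ppid[pid]
            }
        }'
}

# "cron-locate" if an ancestor is the cron.daily locate job or updatedb,
# otherwise "unexplained" (worth a closer look). Reads the listing on stdin.
classify() {
    # sed 1d drops the process itself so only its ancestors are matched.
    if ancestry "$1" | sed 1d | grep -Eq '/etc/cron\.daily/locate|updatedb'; then
        echo cron-locate
    else
        echo unexplained
    fi
}

# Give a verdict for every find process owned by nobody in the listing on stdin.
report() {
    listing=$(cat)
    printf '%s\n' "$listing" |
        awk 'NR > 1 && $3 == "nobody" && $4 ~ "(^|/)find$" { print $1 }' |
        while read -r pid; do
            printf '%s %s\n' "$pid" "$(printf '%s\n' "$listing" | classify "$pid")"
        done
}

# On a live system: ps -eo pid,ppid,user,args | report
printf '%s\n' "$SAMPLE_PS" | report
```

An "unexplained" verdict only means the parent chain does not lead back to the cron job; a process whose parent has already exited is reparented and will also show up this way.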