A process "irqbnc1" is running on my server that is hogging high CPU utilisation. I checked and found that Jenkins is starting this process. This child process starts automatically if i killed this process forcefully. Even I am not able to find the binary of this process.
systemctl status jenkins
● jenkins.service - LSB: Jenkins Automation Server
Loaded: loaded (/etc/rc.d/init.d/jenkins)
Active: active (running) since Sat 2017-06-10 16:06:49 IST; 1h 29min ago
Docs: man:systemd-sysv-generator(8)
Process: 32637 ExecStop=/etc/rc.d/init.d/jenkins stop (code=exited, status=0/SUCCESS)
Process: 32696 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/jenkins.service
├─ 5791 ./irqbnc1 -c hsjwj.conf
├─13265 sh
├─24222 sh
└─32716 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
top command output-
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5791 jenkins 20 0 370148 6976 524 S 300.0 0.0 147:59.75 ./irqbnc1 -c hsjwj.conf
Let me know the purpose of this process and how can i disable this process ?
That process is a bitcoin (cryptocoin) minning script.
You have a vulnerability in your Jenkins that allow an attacker to remote-execute code on your machine. The attacker created a script that downloads from an external source a JSON config file and a binary file. The binary file takes as an argument the config file and starts the mining process.
I would recommend to reinstall your OS + jenkins (latest versions).