
I've Googled and searched here, but only find how to start or autostart Elasticsearch on Linux Mint (in or not in Docker), etc.

After upgrading Linux Mint (desktop) yesterday (15 May 2024), I found that my hard disk was being hammered to the degree that my system got glitchy.

Upgraded to: Linux Mint 21.3 Virginia

Here is what I found:

$ ps aux | grep docker
root      130265  0.2  0.1 2648980 31552 ?       Ssl  00:29   0:45 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      130479  0.0  0.0 1229560    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.19.0.2 -container-port 9001
root      130507  0.0  0.0 1156084    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.19.0.2 -container-port 9000
root      130534  0.0  0.0 1303292    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9380 -container-ip 172.19.0.3 -container-port 9380
root      130549  0.0  0.0 1082096    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.19.0.3 -container-port 443
root      130561  0.0  0.0 1229816    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.19.0.3 -container-port 80
root      130575  0.0  0.0 1229816    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1200 -container-ip 172.19.0.4 -container-port 9200
root      130592  0.0  0.0 1155572    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5455 -container-ip 172.19.0.5 -container-port 3306
andre     130660  0.0  0.0   2500     4 ?        Ss   00:29   0:00 /bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper
andre     130841  0.0  0.0 2605360 7652 ?        Sl   00:29   0:16 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasticsearch -Dcli.libs=lib/tools/server-cli -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/usr/share/elasticsearch/config -Des.distribution.type=docker -cp /usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/lib/cli-launcher/* org.elasticsearch.launcher.CliToolLauncher
andre     137785  0.6 10.7 5885468 1741368 ?     Sl   00:29   2:17 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=org.elasticsearch.preallocate -Des.cgroups.hierarchy.override=/ -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-11223171985320839730 --add-modules=jdk.incubator.vector -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m -Xms1942m -Xmx1942m -XX:MaxDirectMemorySize=1018167296 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.distribution.type=docker --module-path /usr/share/elasticsearch/lib --add-modules=jdk.net --add-modules=ALL-MODULE-PATH -m org.elasticsearch.server/org.elasticsearch.bootstrap.Elasticsearch
andre     360177  0.0  0.0   9212  2188 pts/1    S+   06:47   0:00 grep --color=auto docker

The IP addresses seem to be private IP addresses according to Whois.

The following didn't show any docker entries:

$ sudo runlevel
N 5
$ sudo ls -lah /etc/rc5.d/

$ sudo crontab -l
no crontab for root

But I found the following (look at the date):

$ sudo ls -la /run/containerd/
total 0
drwx--x--x  5 root root  140 May 15 15:21 .
drwxr-xr-x 48 root root 1300 May 16 06:48 ..
srw-rw----  1 root root    0 May 15 15:20 containerd.sock
srw-rw----  1 root root    0 May 15 15:20 containerd.sock.ttrpc
drwx--x--x  2 root root   40 May 15 15:20 io.containerd.runtime.v1.linux
drwx--x--x  3 root root   60 May 15 15:21 io.containerd.runtime.v2.task
drw-------  2 root root   40 May 16 06:48 s

Update: Looking at:

$ sudo journalctl -u docker.service 

May 16 00:29:24 Thrudheim systemd[1]: Starting Docker Application Container Engine...
May 16 00:29:25 Thrudheim dockerd[130265]: time="2024-05-16T00:29:25.425759790+02:00" level=info msg="Starting up"
May 16 00:29:25 Thrudheim dockerd[130265]: time="2024-05-16T00:29:25.484492177+02:00" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
May 16 00:29:27 Thrudheim dockerd[130265]: time="2024-05-16T00:29:27.612298503+02:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
May 16 00:29:29 Thrudheim dockerd[130265]: time="2024-05-16T00:29:29.423603968+02:00" level=info msg="Loading containers: start."
May 16 00:29:31 Thrudheim dockerd[130265]: time="2024-05-16T00:29:31.116735335+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
May 16 00:29:31 Thrudheim dockerd[130265]: time="2024-05-16T00:29:31.739041076+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
May 16 00:29:31 Thrudheim dockerd[130265]: time="2024-05-16T00:29:31.739102455+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
May 16 00:29:32 Thrudheim dockerd[130265]: time="2024-05-16T00:29:32.039810149+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
May 16 00:29:32 Thrudheim dockerd[130265]: time="2024-05-16T00:29:32.039893325+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
May 16 00:29:32 Thrudheim dockerd[130265]: time="2024-05-16T00:29:32.310548605+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
May 16 00:29:32 Thrudheim dockerd[130265]: time="2024-05-16T00:29:32.310607368+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
May 16 00:29:33 Thrudheim dockerd[130265]: time="2024-05-16T00:29:33.323234603+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
May 16 00:29:33 Thrudheim dockerd[130265]: time="2024-05-16T00:29:33.323262078+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
May 16 00:29:35 Thrudheim dockerd[130265]: time="2024-05-16T00:29:35.793515436+02:00" level=info msg="Loading containers: done."
May 16 00:29:37 Thrudheim dockerd[130265]: time="2024-05-16T00:29:37.626514624+02:00" level=info msg="Docker daemon" commit="24.0.5-0ubuntu1~22.04.1" graphdriver=overlay2 version=24.0.5
May 16 00:29:37 Thrudheim dockerd[130265]: time="2024-05-16T00:29:37.652942464+02:00" level=info msg="Daemon has completed initialization"
May 16 00:29:38 Thrudheim systemd[1]: Started Docker Application Container Engine.
May 16 00:29:38 Thrudheim dockerd[130265]: time="2024-05-16T00:29:38.688235006+02:00" level=info msg="API listen on /run/docker.sock"
May 16 06:48:37 Thrudheim systemd[1]: Stopping Docker Application Container Engine...
May 16 06:48:38 Thrudheim dockerd[130265]: time="2024-05-16T06:48:37.902811217+02:00" level=info msg="Processing signal 'terminated'"
May 16 06:48:43 Thrudheim dockerd[130265]: time="2024-05-16T06:48:43.352915007+02:00" level=info msg="ignoring event" container=8eb5f66bf4fdd553badab180460a105125d58ae587b0bf3540df6f4e43012322 module=libcontainerd namespace=moby topic=/t>
May 16 06:48:46 Thrudheim dockerd[130265]: time="2024-05-16T06:48:46.010436173+02:00" level=warning msg="ShouldRestart failed, container will not be restarted" container=8eb5f66bf4fdd553badab180460a105125d58ae587b0bf3540df6f4e43012322 da>
May 16 06:48:49 Thrudheim dockerd[130265]: time="2024-05-16T06:48:49.504558291+02:00" level=info msg="ignoring event" container=96e0a40615e2307eb19808f7ce5d92112fc19995d9c28e49d4ad559fe099e47b module=libcontainerd namespace=moby topic=/t>
May 16 06:48:49 Thrudheim dockerd[130265]: time="2024-05-16T06:48:49.705034842+02:00" level=warning msg="ShouldRestart failed, container will not be restarted" container=96e0a40615e2307eb19808f7ce5d92112fc19995d9c28e49d4ad559fe099e47b da>
May 16 06:48:49 Thrudheim dockerd[130265]: time="2024-05-16T06:48:49.966701989+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=96e0a40615e2307eb19808f7ce5d92112fc19995d9c28e49d4ad559fe>
May 16 06:48:49 Thrudheim dockerd[130265]: time="2024-05-16T06:48:49.966761645+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=49658c9f50d3b3466a789f2ce6062c032fc72e4e78a385a5a4a14cde4>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.017749503+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=8eb5f66bf4fdd553badab180460a105125d58ae587b0bf3540df6f4e4>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.036057239+02:00" level=info msg="Container failed to exit within 10s of signal 15 - using the force" container=634ef8a3199523c2aed6516a6b33b3968cac4b9374ec8a7842b15eb0f>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.363416710+02:00" level=info msg="ignoring event" container=49658c9f50d3b3466a789f2ce6062c032fc72e4e78a385a5a4a14cde40e01486 module=libcontainerd namespace=moby topic=/t>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.446177993+02:00" level=info msg="ignoring event" container=634ef8a3199523c2aed6516a6b33b3968cac4b9374ec8a7842b15eb0f2925356 module=libcontainerd namespace=moby topic=/t>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.459699008+02:00" level=warning msg="ShouldRestart failed, container will not be restarted" container=49658c9f50d3b3466a789f2ce6062c032fc72e4e78a385a5a4a14cde40e01486 da>
May 16 06:48:50 Thrudheim dockerd[130265]: time="2024-05-16T06:48:50.613500419+02:00" level=warning msg="ShouldRestart failed, container will not be restarted" container=634ef8a3199523c2aed6516a6b33b3968cac4b9374ec8a7842b15eb0f2925356 da>
May 16 06:48:53 Thrudheim dockerd[130265]: time="2024-05-16T06:48:53.457605163+02:00" level=error msg="Force shutdown daemon"
May 16 06:48:53 Thrudheim dockerd[130265]: time="2024-05-16T06:48:53.484034619+02:00" level=info msg="Daemon shutdown complete"
May 16 06:48:53 Thrudheim systemd[1]: docker.service: Deactivated successfully.

My questions:

  1. Is this malicious activity?
  2. What is the proper way to stop it from autostarting (even after I kill Docker, it starts up again after a while) if it is not malicious? (Or get rid of it?)
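A triage helper, added here as an example and not part of the question or of any answer: it parses the `docker-proxy` entries from the `ps aux` output quoted above and reports which container port is published on which host interface. The security-relevant point it makes visible is that every one of the seven `-host-ip` values in the posted output is `0.0.0.0`, so Elasticsearch (host port 1200, container port 9200), MySQL (5455 to 3306), HTTP/HTTPS (80, 443) and the 9000/9001/9380 services are reachable from any network the laptop is connected to, whether or not the containers themselves are legitimate. The sample input is the process list copied from the post (the `dockerd` and `grep` lines are included to show they are ignored); the function names are my own.

```shell
#!/bin/sh
# Parse docker-proxy processes out of `ps aux` output and report published ports.
# Sample input: the process list quoted in the question above (dockerd and grep
# lines included on purpose; only docker-proxy lines are parsed).
PS_SAMPLE='root      130265  0.2  0.1 2648980 31552 ?       Ssl  00:29   0:45 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      130479  0.0  0.0 1229560    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.19.0.2 -container-port 9001
root      130507  0.0  0.0 1156084    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.19.0.2 -container-port 9000
root      130534  0.0  0.0 1303292    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9380 -container-ip 172.19.0.3 -container-port 9380
root      130549  0.0  0.0 1082096    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.19.0.3 -container-port 443
root      130561  0.0  0.0 1229816    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.19.0.3 -container-port 80
root      130575  0.0  0.0 1229816    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1200 -container-ip 172.19.0.4 -container-port 9200
root      130592  0.0  0.0 1155572    0 ?        Sl   00:29   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5455 -container-ip 172.19.0.5 -container-port 3306
andre     360177  0.0  0.0   9212  2188 pts/1    S+   06:47   0:00 grep --color=auto docker'

# published_ports PS_OUTPUT
# Prints one line per docker-proxy process:
#   <proto> <host-ip>:<host-port> -> <container-ip>:<container-port> <scope>
# where scope is ALL-INTERFACES for wildcard binds (0.0.0.0 / ::) and local otherwise.
published_ports() {
    printf '%s\n' "$1" | awk '
        /docker-proxy/ {
            proto = hip = hport = cip = cport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-proto")          proto = $(i + 1)
                if ($i == "-host-ip")        hip   = $(i + 1)
                if ($i == "-host-port")      hport = $(i + 1)
                if ($i == "-container-ip")   cip   = $(i + 1)
                if ($i == "-container-port") cport = $(i + 1)
            }
            scope = (hip == "0.0.0.0" || hip == "::") ? "ALL-INTERFACES" : "local"
            printf "%s %s:%s -> %s:%s %s\n", proto, hip, hport, cip, cport, scope
        }'
}

# exposed_count PS_OUTPUT
# Number of published ports reachable from outside the host (wildcard binds).
exposed_count() {
    published_ports "$1" | awk '/ALL-INTERFACES$/ { n++ } END { print n + 0 }'
}

# ports_by_container PS_OUTPUT
# Groups the container-side ports by container IP, one line per container,
# so each docker-proxy entry can be matched against `docker ps` output.
ports_by_container() {
    published_ports "$1" | awk '
        { split($4, c, ":"); ports[c[1]] = ports[c[1]] " " c[2] }
        END { for (ip in ports) printf "%s:%s\n", ip, ports[ip] }' | sort
}

# Stand-alone run: summarise the sample from the question.
published_ports "$PS_SAMPLE"
echo "ports bound on all interfaces: $(exposed_count "$PS_SAMPLE")"
ports_by_container "$PS_SAMPLE"
```

On the live host, the container IPs in that output map to names with `docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Image}}\t{{.Ports}}'`, and the reason the containers come back after the daemon is killed is usually their restart policy, which `docker inspect --format '{{.Name}} {{.HostConfig.RestartPolicy.Name}}' $(docker ps -aq)` shows: `always` and `unless-stopped` containers are started again every time dockerd starts. `docker update --restart=no $(docker ps -aq)` clears that, and `sudo systemctl disable --now docker.service` (plus `docker.socket`, if present, so socket activation cannot bring the daemon back) stops the engine from starting at boot; `docker rm` / `docker rmi` then remove the containers and images if they are not wanted at all. Whether the workload is legitimate is a separate question the port list alone cannot answer, but it does say what was exposed.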
