
View Full Version : possible compromised VIX on zgemma h7



chrcoluk
24-02-20, 16:03
Interested in thoughts on this, especially from anyone in the ViX team. If it is confirmed this is unusual I will set up the box again from scratch.

So I have noticed 3 things lately on the box.

1 - After the box has been up for a while, e.g. 1-2 weeks, which isn't that long for a TV STB, the box won't respond to the remote control and outputs no service to the TV, and I am required to power cycle it. SSH is still responsive. The last time this occurred, I was looking at the back of the box as I did the power cycle, and noticed constant network activity as well as one of the USB drives being busy. This was obviously unusual, especially as the USB drives are only holding archived shows, and are not used for recordings, EPG etc., so they should be idle when the box is idle.
2 - Memory usage is really high. Bear in mind many boxes still have half a gig of RAM or less; this box right now, even right after a reboot, is using 759 meg of RAM, and if I look in 'top' the biggest process listed is enigma2 at around 80 meg of RAM. Nothing else comes close, so the fact I have memory usage that is unaccounted for is a bit of a warning sign. Note this does not include cache usage, which has its own counter. This 759 meg is userland usage.
3 - There is an unkillable root process called '999999999999999' running. top reports very low RAM usage but it is using a moderate amount of CPU; it's the sort of filename rogue software has. I tried to search for a binary with this name but it doesn't exist on the system. If devs confirm this process should not be running on a clean ViX box I am resetting the configuration.

Info below

Box
Brand & Model: Zgemma H7
Chipset: Broadcom 7251s
Main Memory: 236708 kB free / 1028048 kB total
Box Uptime: 0:09
Software
System OE: OE-Alliance 4.3
Firmware version: OpenViX 5.3.013 (2019-12-13)
Kernel / Drivers: 4.10.12 / 20191123

ccs
24-02-20, 16:15
Have you opened ports on your router to allow access to the box from the internet?

chrcoluk
24-02-20, 17:21
No, there is no routing to the box from the internet, but the box can of course make connections out to the internet.

I know how it possibly got compromised, if it is compromised.

I installed a package from an unverified source, so that would be the overwhelming likelihood of the source.

ccs
24-02-20, 17:24
….. and don't forget that anything on your local network could also be compromised.

abu baniaz
24-02-20, 18:08
Are you using mgcamd?

chrcoluk
24-02-20, 23:07
Not using mgcamd, no.

birdman
25-02-20, 03:39
2 - Memory usage is really high. Bear in mind many boxes still have half a gig of RAM or less; this box right now, even right after a reboot, is using 759 meg of RAM, and if I look in 'top' the biggest process listed is enigma2 at around 80 meg of RAM. Nothing else comes close, so the fact I have memory usage that is unaccounted for is a bit of a warning sign. Note this does not include cache usage, which has its own counter. This 759 meg is userland usage.
Linux uses all (well, almost all) free memory to cache file-system activity. For any system that has active file-systems it's quite normal for most of memory to be "in-use" (unless you have many GBs of memory). But it isn't.
EDIT: But you seem to reckon it isn't that anyway...


3 - There is an unkillable root process called '999999999999999' running. top reports very low RAM usage but it is using a moderate amount of CPU; it's the sort of filename rogue software has. I tried to search for a binary with this name but it doesn't exist on the system. If devs confirm this process should not be running on a clean ViX box I am resetting the configuration.

My et8000 has these:

root 249 2 0 02:37 ? 00:00:00 [nnnnnnnn]
root 250 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnnnnn]
root 251 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnnnnn]
root 252 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnnnnn]
root 253 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnn]
root 254 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnnn]
root 255 2 0 02:37 ? 00:00:00 [nnnnnnnnnnnnnnn]

They've always been there. They are kernel threads. According to /proc/<pid>/wchan they are all waiting on BKNI_WaitForGroup.

EDIT: BKNI appears to be something to do with the "Broadcom 'proprietary' graphic acceleration instruction pipeline".

chrcoluk
29-02-20, 20:45
Thanks birdman, it isn't cache usage unless somehow the resource counters have gone fubar; also it is really high right after a reboot, and it takes time for caches to populate.

I will check the kernel thread stuff.

Currently the box is quite bad. I already have set up a cron to auto restart enigma nightly because of disk swapping causing channels to stutter, and I may even have to make that twice daily, and possibly even an automatic reboot. The setting up from scratch is going to happen, it's just when I've got time to do it.

--edit--

Thanks to birdman's info I have a bit more information now.

This is the output for wchan


BKNI_WaitForEvent_tagged

But interestingly when I did ls /proc/1649 (1640 is the PID), the exe is missing, there isn't one. If I run that command on any other process on the system, the exe variable is populated properly.

See the error in this paste


root@vusolo2:~# ls /proc/1649
-r-------- 1 root root 0 Feb 29 19:50 auxv
-r--r--r-- 1 root root 0 Feb 29 19:50 cgroup
--w------- 1 root root 0 Feb 29 19:50 clear_refs
-r--r--r-- 1 root root 0 Feb 24 14:53 cmdline
-rw-r--r-- 1 root root 0 Feb 29 19:50 comm
-rw-r--r-- 1 root root 0 Feb 29 19:50 coredump_filter
-r--r--r-- 1 root root 0 Feb 29 19:50 cpuset
lrwxrwxrwx 1 root root 0 Feb 29 19:50 cwd -> /
-r-------- 1 root root 0 Feb 29 19:50 environ
ls: /proc/1649/exe: cannot read link: No such file or directory
lrwxrwxrwx 1 root root 0 Feb 24 14:53 exe
dr-x------ 2 root root 0 Feb 29 19:50 fd
dr-x------ 2 root root 0 Feb 29 19:50 fdinfo
-r--r--r-- 1 root root 0 Feb 29 19:50 limits
dr-x------ 2 root root 0 Feb 29 19:50 map_files
-r--r--r-- 1 root root 0 Feb 29 19:50 maps
-rw------- 1 root root 0 Feb 29 19:50 mem
-r--r--r-- 1 root root 0 Feb 29 19:50 mountinfo
-r--r--r-- 1 root root 0 Feb 29 19:50 mounts
-r-------- 1 root root 0 Feb 29 19:50 mountstats
dr-xr-xr-x 7 root root 0 Feb 29 19:50 net
dr-x--x--x 2 root root 0 Feb 29 19:50 ns
-rw-r--r-- 1 root root 0 Feb 29 19:50 oom_adj
-r--r--r-- 1 root root 0 Feb 29 19:50 oom_score
-rw-r--r-- 1 root root 0 Feb 29 19:50 oom_score_adj
-r-------- 1 root root 0 Feb 29 19:50 pagemap
-r-------- 1 root root 0 Feb 29 19:50 personality
lrwxrwxrwx 1 root root 0 Feb 29 19:50 root -> /
-r--r--r-- 1 root root 0 Feb 29 19:50 smaps
-r--r--r-- 1 root root 0 Feb 24 14:53 stat
-r--r--r-- 1 root root 0 Feb 24 14:55 statm
-r--r--r-- 1 root root 0 Feb 29 19:50 status
-r-------- 1 root root 0 Feb 29 19:50 syscall
dr-xr-xr-x 3 root root 0 Feb 29 19:50 task
-rw-rw-rw- 1 root root 0 Feb 29 19:50 timerslack_ns
-r--r--r-- 1 root root 0 Feb 29 19:50 wchan

snippet of ram


root@vusolo2:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           1003         771         138           0          93         214
Swap:           255           0         255

Note how 93 meg is used by the cache; it is added to free for available RAM. 771 meg is used not including cache, but the only process using any measurable amount of RAM is enigma at 11.5% of RAM, which is about 118 meg on this system. If it was cache usage I wouldn't be concerned.

twol
29-02-20, 20:56
The setting up from scratch is going to happen its just when I got time to do it.

This is not a big deal, you have a multiboot box.
So when you have time, flash an image (with ImageManager) to a free slot (I am assuming that you have never done this, so your current image is in the 1st slot). Set up as much as you can from new (don't use restore backup) and then reboot (power long press - multiboot restart, or on the latest image, multiboot image selector) to slot 1 (your current live image).
So flip between the images until you are comfortable with the new image and you have time - and then you are OK.

birdman
01-03-20, 19:32
But interestingly when I did ls /proc/1649 (1640 is the PID), the exe is missing, there isn't one.

This is true for kernel processes (things that show up within []). They run as a separate process, but don't have any executable to run.
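
birdman's point above (kernel threads have a PID 2 parent and no executable image, so /proc/<pid>/exe cannot be read) and the two observations in the opening post (a process with a numeric name, and "used" memory that no visible process accounts for) can both be checked from /proc without trusting the process name. The script below is an added example written for this thread; it is not OpenViX or OE-Alliance code and nothing in the thread describes it. Its proc_root argument and build_fake_proc() (which writes a constructed /proc tree with made-up PIDs 1649, 4242 and 77 so the functions can be exercised offline) are assumptions of the example, as are the "odd name" heuristic and the ' (deleted)' exe check; on a real box the kernel page size is read with os.sysconf.

```python
"""Triage via /proc: kernel thread or userland binary, and how much "used"
memory belongs to visible processes.  Added example for this thread, not
OpenViX/OE-Alliance code (Python 2.7 or 3); proc_root and build_fake_proc()
are assumptions of the example so it can run on a constructed tree."""
import os, re, tempfile

# /proc/<pid>/stat: "pid (comm) state ppid ..."; comm may hold spaces or ')'.
STAT_RE = re.compile(r"^(\d+) \((.*)\) (\S) (\d+) ")

def read_stat(proc_root, pid):
    with open(os.path.join(proc_root, str(pid), "stat")) as f:
        m = STAT_RE.match(f.read())
    if not m:
        raise ValueError("unparseable stat for pid %s" % pid)
    return m.group(2), m.group(3), int(m.group(4))       # comm, state, ppid

def exe_link(proc_root, pid):
    try:                        # None when /proc/<pid>/exe cannot be resolved
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return None

def classify(proc_root, pid):
    """Kernel threads are children of kthreadd (PID 2) with no executable image,
    so exe is unreadable; a userland process with a look-alike name still
    resolves to a file, and one unlinked after start shows ' (deleted)'."""
    comm, _, ppid = read_stat(proc_root, pid)
    exe = exe_link(proc_root, pid)
    with open(os.path.join(proc_root, str(pid), "statm")) as f:
        resident = int(f.read().split()[1])              # field 2: resident pages
    if exe is None and ppid == 2:
        kind = "kernel-thread"
    elif exe is None:
        kind = "no-exe"         # exiting/zombie, or unreadable without root
    elif exe.endswith(" (deleted)"):
        kind = "deleted-exe"    # running image no longer on disk: look closer
    else:
        kind = "userland"
    return {"pid": pid, "comm": comm, "ppid": ppid, "exe": exe, "kind": kind,
            "resident_pages": resident}

def scan(proc_root):
    """Classify every PID; processes that exit mid-scan are skipped."""
    out = []
    for d in sorted(os.listdir(proc_root)):
        if d.isdigit():
            try:
                out.append(classify(proc_root, int(d)))
            except (OSError, IOError, ValueError):
                pass
    return out

def odd_names(proc_root):
    """Non-kernel processes whose name is all digits or one repeated character."""
    return [p for p in scan(proc_root) if p["kind"] != "kernel-thread"
            and (p["comm"].isdigit() or len(set(p["comm"])) == 1)]

def meminfo(proc_root):
    with open(os.path.join(proc_root, "meminfo")) as f:     # values are in kB
        return dict((k, int(v.split()[0]))
                    for k, _, v in (line.partition(":") for line in f))

def memory_report(proc_root="/proc", page_kb=None):
    """'used' follows modern procps free (cache excluded).  RSS double-counts
    shared pages, so unaccounted_kb is a lower bound; memory the kernel holds
    itself (slab, vmalloc, driver/DMA reservations) is in no process's RSS."""
    if page_kb is None:
        page_kb = os.sysconf("SC_PAGE_SIZE") // 1024
    mi = meminfo(proc_root)
    used = (mi["MemTotal"] - mi["MemFree"] - mi["Buffers"] - mi["Cached"]
            - mi.get("SReclaimable", 0))
    rss = sum(p["resident_pages"] * page_kb for p in scan(proc_root)
              if p["kind"] != "kernel-thread")
    return {"used_kb": used, "process_rss_kb": rss,
            "unaccounted_kb": used - rss, "slab_kb": mi.get("Slab", 0)}

def build_fake_proc(root=None):
    """Constructed sample tree, not captured from any real box: PID 1649 mimics a
    kernel thread, 4242 a userland binary with the same name, 77 a binary deleted
    after launch; resident sizes are in 4 kB pages."""
    root = root or tempfile.mkdtemp(prefix="fakeproc-")
    procs = {1: ("init", 0, "/sbin/init", 100),
             1649: ("999999999999999", 2, None, 0),
             4242: ("999999999999999", 1, "/tmp/unverified/daemon", 1000),
             77: ("upd", 1, "/tmp/x (deleted)", 250)}
    for pid, (comm, ppid, exe, res_pages) in procs.items():
        d = os.path.join(root, str(pid))
        if not os.path.isdir(d):
            os.makedirs(d)
        with open(os.path.join(d, "stat"), "w") as f:
            f.write("%d (%s) S %d 0 0 0 -1 0\n" % (pid, comm, ppid))
        with open(os.path.join(d, "statm"), "w") as f:
            f.write("%d %d 50 1 0 0 0\n" % (res_pages * 2, res_pages))
        if exe is not None:
            os.symlink(exe, os.path.join(d, "exe"))
    with open(os.path.join(root, "meminfo"), "w") as f:
        f.write("MemTotal:     1028048 kB\nMemFree:       141312 kB\n"
                "Buffers:        10240 kB\nCached:         85000 kB\n"
                "SReclaimable:       0 kB\nSlab:           20480 kB\n")
    return root
```

On a box, run it as root and look at `odd_names("/proc")` and `memory_report()`. The distinction that matters is the one birdman makes: a name like '999999999999999' with ppid 2 and no exe is an ordinary kernel thread, whereas the same name with a readable exe (or one marked deleted) is a userland program that can be tracked back to a package. A large unaccounted_kb on its own is weaker evidence, because RSS overstates what processes hold and the kernel's own allocations (the Slab figure, plus driver reservations that do not show in meminfo at all) are never attributed to any process.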

chrcoluk
21-03-20, 09:51
I will be doing the multiboot thing this weekend I think, thanks.

Today I noticed the box OSD was stuck showing 7pm as the time. Turned on the TV, there is a frozen picture with audio still playing for the channel.

I cannot log in to SSH.

The network LED is constantly flashing. I checked my firewall (pfSense); it shows absolutely no traffic at all on the ViX IP, and the DHCP status is even offline, which indicates that although there is a busy network LED, there is actually no traffic, as if the box is in some kind of fit or something.

^^COMPASS^^
21-03-20, 18:26
I will be doing the multiboot thing this weekend I think, thanks.

Today I noticed the box OSD was stuck showing 7pm as the time. Turned on the TV, there is a frozen picture with audio still playing for the channel.



Sounds to me like the same hardware fault that saw my good friend return two Zgemma H7s 4K boxes!

The first was returned in December, & when the replacement failed within a few weeks to the same fault the second box was returned in January to the forum sponsor.

During the above time he contacted the Sponsor & was advised to open a support ticket on the shop's website, & I must say the support received from the sponsor was first class.

In this instance both were returned free of charge, and each returned box was reflashed and put on test by our Sponsor, who updated the opened ticket regularly confirming a hardware fault both times, & replacement boxes were dispatched. So yes, he's on his 3rd Zgemma, which is fine, but what's most important is the first class support he received during this time.