ConfigServer Scripts Forum

 Suspicious process running under user haldaemon 
Junior Member

Joined: Wed Apr 07, 2010 9:17 am
Posts: 2
I'm getting a lot of warning emails about "Suspicious process running under user haldaemon" with the following content.
Is there something suspicious about this?


PID: 3534
Account: haldaemon
Uptime: 3104293 seconds


Executable:

/usr/libexec/hald-addon-keyboard.#prelink#.neFRqw (deleted)

The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.


Command Line (often faked in exploits):

hald-addon-keyboard: listening on /dev/input/event0


Network connections by the process (if any):



Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/dev/input/event0


Memory maps by the process (if any):

00400000-00404000 r-xp 00000000 09:01 80951738 /usr/libexec/hald-addon-keyboard.#prelink#.neFRqw (deleted)
00603000-00604000 rw-p 00003000 09:01 80951738 /usr/libexec/hald-addon-keyboard.#prelink#.neFRqw (deleted)
18465000-18486000 rw-p 18465000 00:00 0 [heap]
39eac00000-39eac1c000 r-xp 00000000 09:01 13369358 /lib64/ld-2.5.so
39eae1b000-39eae1c000 r--p 0001b000 09:01 13369358 /lib64/ld-2.5.so
39eae1c000-39eae1d000 rw-p 0001c000 09:01 13369358 /lib64/ld-2.5.so
39eb000000-39eb14e000 r-xp 00000000 09:01 13369620 /lib64/libc-2.5.so
39eb14e000-39eb34d000 ---p 0014e000 09:01 13369620 /lib64/libc-2.5.so
39eb34d000-39eb351000 r--p 0014d000 09:01 13369620 /lib64/libc-2.5.so
39eb351000-39eb352000 rw-p 00151000 09:01 13369620 /lib64/libc-2.5.so
39eb352000-39eb357000 rw-p 39eb352000 00:00 0
39eb400000-39eb403000 r-xp 00000000 09:01 13369687 /lib64/libcap.so.1.10
39eb403000-39eb603000 ---p 00003000 09:01 13369687 /lib64/libcap.so.1.10
39eb603000-39eb604000 rw-p 00003000 09:01 13369687 /lib64/libcap.so.1.10
39eb800000-39eb80a000 r-xp 00000000 09:01 80942952 /usr/lib64/libhal.so.1.0.0
39eb80a000-39eba09000 ---p 0000a000 09:01 80942952 /usr/lib64/libhal.so.1.0.0
39eba09000-39eba0a000 rw-p 00009000 09:01 80942952 /usr/lib64/libhal.so.1.0.0
39ec000000-39ec039000 r-xp 00000000 09:01 13369688 /lib64/libdbus-1.so.3.4.0
39ec039000-39ec239000 ---p 00039000 09:01 13369688 /lib64/libdbus-1.so.3.4.0
39ec239000-39ec23b000 rw-p 00039000 09:01 13369688 /lib64/libdbus-1.so.3.4.0
2b2524ec2000-2b2524ec4000 rw-p 2b2524ec2000 00:00 0
2b2524ece000-2b2524ed1000 rw-p 2b2524ece000 00:00 0
2b2524ed1000-2b2524edb000 r-xp 00000000 09:01 13369623 /lib64/libnss_files-2.5.so
2b2524edb000-2b25250da000 ---p 0000a000 09:01 13369623 /lib64/libnss_files-2.5.so
2b25250da000-2b25250db000 r--p 00009000 09:01 13369623 /lib64/libnss_files-2.5.so
2b25250db000-2b25250dc000 rw-p 0000a000 09:01 13369623 /lib64/libnss_files-2.5.so
7ffff0da4000-7ffff0db9000 rw-p 7ffffffea000 00:00 0 [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vdso]


Tue Jun 22, 2010 5:31 pm
Junior Member

Joined: Sun Dec 10, 2006 4:35 pm
Posts: 84
Nope, just restart the daemon.


Wed Jun 23, 2010 1:25 am
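A triage check for the kind of alert discussed in this thread, as an added example (not part of either post and not csf/lfd code): it classifies a deleted executable by whether a file now exists at the original path, and lists deleted files still mapped executable. The function names are hypothetical, and treating the `.#prelink#.` suffix as a prelink temporary name is an assumption drawn from the path in the alert.

```python
import os
import re
DELETED = " (deleted)"
# Assumption: a ".#prelink#.<suffix>" ending, as in the alert, is a prelink temp name.
PRELINK_TMP = re.compile(r"^(?P<orig>/.+)\.#prelink#\.[A-Za-z0-9]+$")
# Three lines copied from the alert above, used as sample input.
SAMPLE_MAPS = """\
00400000-00404000 r-xp 00000000 09:01 80951738 /usr/libexec/hald-addon-keyboard.#prelink#.neFRqw (deleted)
00603000-00604000 rw-p 00003000 09:01 80951738 /usr/libexec/hald-addon-keyboard.#prelink#.neFRqw (deleted)
39eac00000-39eac1c000 r-xp 00000000 09:01 13369358 /lib64/ld-2.5.so
"""

def classify_exe(target, exists=os.path.exists):
    """Classify the link target of /proc/<pid>/exe."""
    if not target.endswith(DELETED):
        return "on-disk"
    path = target[:-len(DELETED)]
    m = PRELINK_TMP.match(path)
    orig = m.group("orig") if m else path
    if exists(orig):
        # A file exists at the original path: consistent with a replaced binary.
        return "replaced-by-prelink" if m else "replaced"
    return "missing"  # nothing at that path now: look at this one by hand

def deleted_exec_mappings(maps_text):
    """Paths of deleted files mapped executable in /proc/<pid>/maps text."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and "x" in fields[1] and fields[5].endswith(DELETED):
            found.add(fields[5][:-len(DELETED)])
    return sorted(found)

def scan_proc(proc="/proc"):
    """Return (pid, exe target, verdict) for every process whose exe is deleted."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            target = os.readlink(os.path.join(proc, pid, "exe"))
        except OSError:  # kernel thread, exited process, or no permission
            continue
        verdict = classify_exe(target)
        if verdict != "on-disk":
            hits.append((int(pid), target, verdict))
    return hits

if __name__ == "__main__":
    for hit in scan_proc():
        print(*hit)
```

The verdict is a heuristic for ordering follow-up, not proof either way; run it as root so every process's `exe` link is readable.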