Support Center > Search Results > SecureKnowledge Details
'clish' and 'confd' processes consume CPU at high level after SSH session for non-local TACACS user has been expired/killed
Symptoms
  • 'clish' and 'confd' processes consume CPU at high level after SSH session for non-local TACACS user has been expired/killed.

  • Running strace (provided by Check Point Support) on clish process of expired non-local user session shows:

    socket(PF_UNIX, SOCK_STREAM, 0) = 13
    setsockopt(13, SOL_SOCKET, SO_SNDBUF, [65536], 4) = 0
    setsockopt(13, SOL_SOCKET, SO_RCVBUF, [65536], 4) = 0
    connect(13, {sin_family=AF_UNIX, path="/tmp/xgets"}, 13) = 0
    write(13, "\1\3\0\0\0:\0\0\0\0\0\0\1\0\0\7USERNAME\0\0\0\0volat"..., 70) = 70
    select(1024, [13], NULL, NULL, {10, 0}) = 1 (in [13], left {9, 999000})
    read(13, "\2\3\0\0\0\0\0\0\0\0\0\0", 12) = 12
    close(13) = 0
    unlink(umovestr: Input/output error 0x2) = -1 EFAULT (Bad address)
    uname({sys="Linux", node="HOSTNAME", ...}) = 0
    getuid32() = 0
    
  • Multiple Clish process running consuming high cpu
Cause

'clish' keeps running the session for expired TACACS non-local SSH session.

'clish' does not delete socket bindings after TACACS non-local SSH session has been expired.


Solution
Note: To view this solution you need to Sign In .