Initial investigation
I checked to see what RPMs this application was a part of.
$ type -a abrt-action-generate-core-backtrace
abrt-action-generate-core-backtrace is /usr/bin/abrt-action-generate-core-backtrace
abrt-action-generate-core-backtrace is /bin/abrt-action-generate-core-backtrace
$ rpm -qf /usr/bin/abrt-action-generate-core-backtrace /bin/abrt-action-generate-core-backtrace
abrt-addon-ccpp-2.1.10-1.fc19.x86_64
abrt-addon-ccpp-2.1.10-1.fc19.x86_64
That package's description is as follows:
This package contains hook for C/C++ crashed programs and abrt's C/C++
The RPM also mentions this URL: https://fedorahosted.org/abrt/. That URL takes you to a page that claims it's obsolete, directing you now to a GitHub page: https://github.com/abrt/abrt/wiki/ABRT-Project
ABRT
This is apparently a package for reporting problems.
ABRT is a set of tools to help users detect and report problems. It's main purpose is to ease the process of reporting an issue and finding a solution.
It goes on to also describe it as follows:
ABRT consists of a daemon that monitors logs, system crashes and triggers events based on the type of crash. Also provides desktop notification that popup at the time of a crash. The user can work with gnome-abrt, GUI that presents a list of crashes and available actions or abrt-cli, command line interface with similar functionality.
The overview page lists the following features of the ABRT daemon that it will automatically detect issues for, and automatically report logs back to "somewhere".
- C/C++ crashes
- generates backtrace automatically (installs debuginfo pkgs if necessary)
- identifies the crashing function
- unhandled Python exceptions
- kernel oopses (non critical)
- kernel crashes (critical, system crashes)
- XORG crashes (xorg doesn't crash like other C/C++ programs)
- Java exceptions (using JVMTI, still proof of concept, might have performance impact)
So what was it doing?
The overview page mentioned this path for ABRT, /var/tmp/abrt
.
$ ls -l /var/tmp/abrt/
total 4536
-rw-------. 1 root root 13344768 Jan 9 19:32 abrt-applet-coredump
-rw-------. 1 root root 13 Jan 17 12:13 last-ccpp
-rw-------. 1 root root 15 Jan 13 17:13 last-via-server
The file for today, last-ccpp
would be the likely candidate for what abrt...
was up to. That file wasn't much help.
$ sudo more /var/tmp/abrt/last-ccpp
/usr/bin/bash
$
The overview page then showed a screenshot that I did recognize. So I think killing the abrt...
process is not much of a risk at all.