How to trace short lived suspecious-processes

Hi My load-average started to go above its usual baseline today, so I kept on checking the process manager. From what I have seen, the server is getting each 1 second a process triggered by the user "nobody" and it is always calling the php-cgi as marked in red. Note: all my-websites use their username to call the php process that is why I am suspicious of something fishy going on here. The process is too short to issue an strace (by the time I type the PID, it is finished) so how can strace it in advance i.e., to set some sort of filter which will capture any the call to /opt/cpanel/ea-php71/root/usr/bin/php-cgi when it is called by the user nobody. My thought process is to find what script it is executing or trying to execute so I can get an idea of what is going on. Any ideas on this issue? alternative approaches are so welcome :) Update: I managed to partially trace (somewhere in the middle while it was running) and got the following: What is going on here?

strace: Process 25475 attached
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
restart_syscall(<... resuming interrupted poll ...>) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
futex(0x5566f013ca00, FUTEX_WAKE_PRIVATE, 1) = -1 ENOSYS (Function not implemented)
poll([{fd=24, events=POLLIN}, {fd=26, events=POLLIN}], 2, -1) = -1 ENOSYS (Function not implemented)
fcntl(26, F_GETFL)                      = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR|O_NONBLOCK)   = -1 ENOSYS (Function not implemented)
accept4(26, 0x7ffdc077c610, [2], SOCK_CLOEXEC) = -1 ENOSYS (Function not implemented)
fcntl(26, F_SETFL, O_RDWR)              = -1 ENOSYS (Function not implemented)
fcntl(348, F_SETFD, FD_CLOEXEC)         = -1 ENOSYS (Function not implemented)
futex(0x5566f013f224, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x5566f013f220, FUTEX_OP_SET<<28|0<<12|FUTEX_OP_CMP_GT<<24|0x1) = -1 ENOSYS (Function not implemented)
cPanelLauren
August 04, 2020 15:01
The nobody user is apache's default user, I'd suggest opening a ticket for this as it's actually pretty difficult to diagnose this without access to the server and that strace output you obtained is actually not very helpful.
oah
August 06, 2020 19:11
I solved it for the time being by removing the setting the permission to 750 on php-cgi binary and everything went to normal again. Let me see how can we arrange access for you guys. just one quick question though, I thought you need to strace the process while it is running so how do you plan on stracing if it is bursty? Thx again.
August 07, 2020 01:57
That makes it more difficult to strace but it is also possible to see the configuration on the server and understand what is causing the behavior in some cases.
August 07, 2020 17:50
I get your point. Thank you guys for the support. For the time being feel free to mark the thread as solved :) It will be really great if you can think of some method to catch such bursty processes (if you find any feel free to post it here as a reply). I mean there gotta be a way to set up a filter/log and tell it whenever the user "nobody" calls the php-cgi binary just log it (long the whole command along with as much information as possible). Thx
How to trace short lived suspecious-processes

Comments

Didn't find what you were looking for?
