[NTLUG:Discuss] Have I been Hacked?
Bug Hunter
bughuntr at one.ctelcom.net
Tue Apr 2 08:48:43 CST 2002
On Tue, 2 Apr 2002, david ross wrote:
> I use a program called "chkrootkit" i keep it on a floppy and run it
> weekly.My cron also runs the HD pretty hard,but i have no clue why.
>
>
>
>
>
> On Monday 01 April 2002 07:53 am, you wrote:
> > So, Im sitting at my system before heading to work this morning and for
> > some reason, the hard drive is running (and all Im doing is looking at a
> > website). So, either konqueror has a nasty memory leak (wouldnt suprise
> > me) or something weird is going on.
> >
> > A top showed that "find" was running, which seemed odd. A "ps ax" showed
> > several things that may or may not have been legit, but two things
> > jumped out at me:
> >
> >
> > 13485 ? S 0:00 /USR/SBIN/CRON
> > 21211 ? R 0:00 find / -xdev ( -false ) -prune -o ( -type f
> > -perm +06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf
> > %8i %5m %3n %-10u %-10g %9s %t %h/%f?n
> >
> > The first one: why the capital letters? Never seen them before.
> > The second: wtf is this command trying to do?
assuming it is legit, this is the updatedb progrm running overnight to
update the "locate" command's database.
man locate
More information about the Discuss
mailing list