[NTLUG:Discuss] Have I been Hacked?
Mark Bainter
mark-ntlug at cymry.org
Tue Apr 2 10:22:34 CST 2002
Jason Ferguson [jferg3 at swbell.net] wrote:
> So, Im sitting at my system before heading to work this morning and for
> some reason, the hard drive is running (and all Im doing is looking at a
> website). So, either konqueror has a nasty memory leak (wouldnt suprise
> me) or something weird is going on.
>
> A top showed that "find" was running, which seemed odd. A "ps ax" showed
> several things that may or may not have been legit, but two things
> jumped out at me:
>
>
> 13485 ? S 0:00 /USR/SBIN/CRON
As others have noted, it's just cron.
> 21211 ? R 0:00 find / -xdev ( -false ) -prune -o ( -type f
> -perm +06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf
> %8i %5m %3n %-10u %-10g %9s %t %h/%f?n
>
> The first one: why the capital letters? Never seen them before.
> The second: wtf is this command trying to do?
I believe your find command there is finding all the files on the
system which are setuid or setgid and are either regular, binary, or
character files, and then printing it in a list like so:
inode perm num_of_links owner group size last_mod dir name
--
... so long as the people do not care to exercise their freedom, those who
wish to tyrranize will do so; for tyrants are active and ardent, and will
devote themselves in the name of any number of gods, religious and
otherwise, to put shackles upon sleeping men.
-- Voltarine de Cleyre
More information about the Discuss
mailing list