[lug] Discovering calling process
stimits at idcomm.com
Fri Dec 15 16:04:54 MST 2000
"Scott A. Herod" wrote:
> To find out who was starting certain processes, I ended up
> replacing everything that I wanted to know about with a script
> that sent the output of 'ps -elf' to a /tmp and then
> called the moved, actual process. Turns out I had a modified
> version of 'egrep'. :-(
> Things to learn: Practice safe networking from the very
> beginning, and get rid of the rpc Trojan Horse.
Do you think the egrep was a "malicious" modified version then? I'm
curious as to where/how you believe it got on your system.
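
The wrapper technique quoted above, sketched as an added example that is not part of the original thread: instead of dumping the whole `ps -elf` table, it logs only the ancestry of the calling process and then runs the moved original. Assumptions (hypothetical names): Linux with `/proc`, the real binary moved to `<name>.real` beside the wrapper, and a log path overridable through `CALLER_LOG`.

```shell
#!/bin/sh
# Added example: wrapper installed in place of a watched binary (e.g. egrep).
# Assumed layout: the original binary has been moved to "$0.real".

# Print "pid ppid command" for a PID and each of its ancestors.
ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -r "/proc/$pid/status" ]; do
        ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status") || ppid=
        # cmdline is NUL-separated; it is empty for kernel threads.
        cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline") || cmd=
        [ -n "$cmd" ] || cmd="[$(cat "/proc/$pid/comm" 2>/dev/null)]"
        printf '%s %s %s\n' "$pid" "$ppid" "$cmd"
        pid=$ppid
    done
}

# Append one timestamped record: who ran us, with which arguments,
# followed by the chain of parent processes.
log_caller() {
    log=$1
    shift
    {
        printf '== %s uid=%s argv: %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$*"
        ancestry "$$"
    } >> "$log"
}

# Act as a wrapper only when the moved original sits next to this script.
if [ -x "$0.real" ]; then
    log_caller "${CALLER_LOG:-/var/log/caller-trace.log}" "$0" "$@"
    exec "$0.real" "$@"
fi
```

Each record ends at the top of the process tree, so the log shows directly which daemon, cron job or login shell led to the call.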