Hacked crond


mufka
10-25-2001, 07:57 AM
I suspect that my crond on my Redhat 6.1 box may have been hacked. Is there a way to see what it is running?

Icarus
10-25-2001, 10:07 AM
crontab -l (that is a lowercase 'L')
should give you a list of what it runs. Every user has their own crontab, so this way might need you to hop around all the users (including root)

[ 25 October 2001: Message edited by: mahdi ]

mufka
10-26-2001, 08:41 AM
I'm thinking if crond was hacked, crontab might not be working correctly either. If I replace the binaries, I won't be able to see what the hacked version was doing.

X_console
10-26-2001, 10:39 AM
To check if crond has been tainted, pop in your Linux CD and extract the crond that came with it. Then run md5sum on the crond that came from the CD and the one installed on your system. If the signature is the same, then you're safe. If they're different, then the one on your system has been changed somehow.
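
The two checks suggested in this thread, as an added example that is not part of any poster's message: it reads the per-user crontab files straight from the spool directory instead of going through `crontab`, and compares the installed crond against a reference copy. The function names, the `HASHER` variable, the `/var/spool/cron` location and the sample data in `demo` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the HASHER variable
# and the sample data in demo() are assumptions of this example.

# same_digest REF INSTALLED: 0 = identical, 1 = different, 2 = unreadable.
# HASHER can point at a hashing binary on read-only media, since an
# installed md5sum may have been replaced along with crond.
same_digest() {
    hasher=${HASHER:-md5sum}
    ref=$("$hasher" < "$1") || return 2
    cur=$("$hasher" < "$2") || return 2
    [ "$ref" = "$cur" ]
}

# list_cron_jobs SPOOL_DIR: print "user: entry" for every active line in
# the per-user crontab files (assumed /var/spool/cron on Red Hat), read
# directly so the result does not depend on the crontab binary.
list_cron_jobs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;   # skip blank lines and comments
            esac
            printf '%s: %s\n' "$user" "$line"
        done < "$f"
    done
}

# demo: run both checks on constructed sample data in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/spool"
    printf '# nightly\n0 3 * * * /usr/local/bin/backup.sh\n' > "$d/spool/root"
    printf 'reference build\n' > "$d/crond.cd"
    printf 'modified build\n' > "$d/crond.installed"
    list_cron_jobs "$d/spool"
    if same_digest "$d/crond.cd" "$d/crond.installed"; then
        echo "crond: MATCH"
    else
        echo "crond: DIFFERENT"
    fi
    rm -rf "$d"
}
```

On a real system, call `list_cron_jobs /var/spool/cron` as root and pass the crond extracted from the install CD as the first argument to `same_digest`.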