[lug] Discovering calling process

D. Stimits stimits at idcomm.com
Fri Dec 15 16:04:54 MST 2000


"Scott A. Herod" wrote:
> 
> To find out who was starting certain processes, I ended up
> replacing everything that I wanted to know about with a script
> that sent the output of 'ps -elf' to a /tmp and then
> called the moved, actual process.  Turns out I had a modified
> version of 'egrep'. :-(
> 
> Things to learn:  Practice safe networking from the very
> beginning, and get rid of the rpc Trojan Horse.
> 
> Scott
> 

Do you think the egrep was a "malicious" modified version then? I'm
curious as to where/how you believe it got on your system.
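
The wrapper approach described in the quoted message, sketched as an added example that is not part of the original thread or either poster's code. The names wrap_binary, unwrap_binary and the log directory argument are hypothetical, and the log directory path is assumed to contain no shell metacharacters.

```shell
#!/bin/sh
# Added example: replace a binary with a wrapper that records who called it,
# then hands control to the moved, real binary.

# wrap_binary TARGET LOGDIR
# Moves TARGET to TARGET.real and installs a logging wrapper in its place.
wrap_binary() {
    target=$1
    logdir=$2
    if [ ! -x "$target" ]; then
        echo "not executable: $target" >&2; return 1
    fi
    if [ -e "$target.real" ]; then
        echo "already wrapped: $target" >&2; return 1
    fi
    mkdir -p "$logdir" && chmod 700 "$logdir" || return 1
    mv "$target" "$target.real" || return 1
    # Unquoted heredoc: $target and $logdir expand now, \$ is deferred
    # until the wrapper itself runs.
    cat > "$target" <<EOF
#!/bin/sh
log="$logdir/\$(basename "\$0").\$\$.log"
{
    date
    echo "argv: \$0 \$*"
    echo "ppid: \$PPID"
    # The caller's own entry first, then the full listing as in the post.
    ps -o pid,ppid,user,args -p "\$PPID"
    ps -elf
} > "\$log" 2>&1
exec "$target.real" "\$@"
EOF
    chmod 755 "$target"
}

# unwrap_binary TARGET: put the real binary back in place.
unwrap_binary() {
    [ -e "$1.real" ] || return 1
    mv -f "$1.real" "$1"
}
```

Point the log directory at a location only root can write rather than a shared /tmp, and run unwrap_binary once the caller has been identified.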



