hunting trojans: does vmail user need its own crond??
Brandon Vincent (Student)
Brandon.Vincent at asu.edu
Tue Jun 9 06:16:51 UTC 2015
Robert,
crond should not be running as any other account other than root. Can you identify the full path of the suspicious crond? For example, to find the full path of crond (running under the other user):
[linus at ubuntu ~]# ps aux | grep [c]rond
linus 1013 0.0 0.1 116864 1100 ? Ss Apr20 0:09 crond
[linus at ubuntu ~]# readlink -f /proc/1013/exe
/home/linus/.crond/crond
Brandon Vincent
More information about the ubuntu-users
mailing list