[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] CROND

Subject: Re: [cobalt-security] CROND
From: Declan Caulfield <declan@xxxxxxxxxx>
Date: Wed, 27 Nov 2002 00:36:32 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Check netstat for any pipes or ports open.
Grep /var/log/messages for any mention, note date/time.

I guess you have checked crontab, /etc/cron.* for any trace.

Good luck. 
./Declan

 On 26/11/02 23:42, Jamie - i-Dot at jamie@xxxxxxxxx wrote:

> Try locate CROND
> 
> Or a similar find,
> 
> You could also try netstat  to see what port its running on / any
> unusual external ports open.
> 
> Do you have a crond AND a CROND ?
> 
> Could it be a cron process which has spawned, but not exited?
> 
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Skyhound
> Internet
> Sent: 26 November 2002 22:12
> To: cobalt-security@xxxxxxxxxxxxxxx
> 
> I have a process running on one of my Raq4's called CROND.  Not to be
> mistaken with crond.
> 
> root      4180  0.0  0.1  1156  536 ?        S    14:09   0:00 CROND
> 
> I am unaware of what this process is. The latest chkrootkit shows no
> hacks.
> 
> A reboot of the machine cleared it out but it came back again the next
> day.
> 
> Any ideas of what this might be?
> 
> Thanks
> 
> Tom
> 
> _______________________________________
> Skyhound Internet
> Long Beach CA
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
> 
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 


./Declan


Declan Caulfield | Chief Technology Officer | Kamera
Drottninggatan 92-94 | SE-111 36 Stockholm, Sweden | www.kamera.com
Tel: +46 8 50 65 76 86 | Fax: +46 8 50 65 71 00 | Mobile: +46 736 257 686

||| Office locations in Europe
||| Stockholm(hq) - London - Paris

This communication contains information which is confidential and may also
be privileged. It is for the exclusive use of the intended recipient(s).
Batteries not included. If you are not the intended recipient(s), please
note that any distribution, copying or use of this communication or the
information in it is strictly prohibited. Seymour Cray, your use of tunnels
have been an inspiration. If you have received this communication in error,
please notify the sender immediately and then destroy any copies of it.

References:
- RE: [cobalt-security] CROND
  - From: Jamie - i-Dot

Prev by Date: RE: [cobalt-security] CROND
Next by Date: RE: [cobalt-security] CROND
Previous by thread: RE: [cobalt-security] CROND
Next by thread: RE: [cobalt-security] CROND

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index