hunting trojans: does vmail user need its own crond??

Brandon Vincent (Student) Brandon.Vincent at
Tue Jun 9 06:16:51 UTC 2015


crond should not be running as any account other than root. Can you identify the full path of the suspicious crond? For example, to find the full path of crond (running under the other user):

[linus@ubuntu ~]# ps aux | grep [c]rond
linus      1013  0.0  0.1 116864  1100 ?        Ss   Apr20   0:09 crond

[linus@ubuntu ~]# readlink -f /proc/1013/exe

Brandon Vincent
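
The check described in the message above, generalized to every process named crond, as an added example that is not part of the original post. The optional PROC_ROOT argument, UID 5000 and the sample binary path are assumptions of this example; PID 1013 is reused from the message.

```shell
#!/bin/sh
# scan_crond [PROC_ROOT]: print every process named "crond" whose real UID is
# not 0, with the binary it is running. PROC_ROOT defaults to /proc; the
# argument is an assumption of this example so it can read a constructed tree.
scan_crond() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        # Processes can exit mid-scan, so unreadable entries are skipped.
        name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status" 2>/dev/null) || continue
        uid=$(awk '$1 == "Uid:" { print $2; exit }' "$dir/status" 2>/dev/null) || continue
        if [ "$name" != "crond" ] || [ "$uid" = "0" ]; then
            continue
        fi
        # Name: can be set by the process itself; the exe symlink is the
        # kernel's record of the file that was executed, with " (deleted)"
        # appended when that file has been unlinked. Reading it for another
        # user's process needs root.
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe="unreadable"
        printf '%s uid=%s exe=%s\n' "${dir##*/}" "$uid" "$exe"
    done
}

# Constructed sample: a fake /proc with a root crond (PID 801) and a crond
# under UID 5000 (PID 1013) whose binary has been removed from disk.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/801" "$root/1013"
    printf 'Name:\tcrond\nUid:\t0\t0\t0\t0\n' > "$root/801/status"
    ln -s /usr/sbin/crond "$root/801/exe"
    printf 'Name:\tcrond\nUid:\t5000\t5000\t5000\t5000\n' > "$root/1013/status"
    ln -s '/var/tmp/.cache/crond (deleted)' "$root/1013/exe"
    echo "$root"
}
```

Run `scan_crond` as root on the live host, or `scan_crond "$(make_sample_proc)"` to see the output format on the constructed tree.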

