OT: Linux tip

Jay R. Ashworth jra at baylink.com
Thu Oct 18 10:53:08 PDT 2007


I got rootkitted last month, on my sister's MythTV box, by a Polish IRC
bot I can't remember the name of just now, that turned up in a ps as
./miracle, and was in /var/tmp/keystuff.

I figured out where it was by going to /proc/PID/cwd, and that
suggested to me, just now, a pretty cool way to tell what's *really*
running on your machine, assuming someone hasn't monkeyed with ls and
/proc:

ls -l /proc/*/exe

Give it a try.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274
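
The /proc/*/exe listing from the message above, extended into a small triage script (an added example, not part of the original post): it flags processes whose binary has been deleted or runs from /tmp, /var/tmp or /dev/shm, and prints each one's cwd. The function names and the PROC_ROOT variable are assumptions of this example, and it rests on the same premise as the post, that the userland tools and /proc have not been tampered with.

```shell
#!/bin/sh
# Added example: triage of /proc/PID/exe links. Names here are hypothetical.

# Classify an executable path as reported by readlink on /proc/PID/exe.
classify_exe() {
    case "$1" in
        *" (deleted)")                echo deleted ;;  # binary unlinked while still running
        /tmp/*|/var/tmp/*|/dev/shm/*) echo tempdir ;;  # running from a world-writable directory
        *)                            echo ok ;;
    esac
}

# Walk a proc tree (default /proc) and print "PID<TAB>LABEL<TAB>EXE<TAB>CWD"
# for every process whose exe is not classified as ok.
scan_proc() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads have no exe target; other users' processes are
        # unreadable without root. Skip both rather than fail.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        label=$(classify_exe "$exe")
        [ "$label" = ok ] && continue
        cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd='?'
        printf '%s\t%s\t%s\t%s\n' "${dir##*/}" "$label" "$exe" "$cwd"
    done
    return 0
}

# Run as root to see every process; PROC_ROOT can point at a copied proc tree.
scan_proc "${PROC_ROOT:-/proc}"
```

A hit is a lead, not a verdict: package upgrades routinely leave long-running daemons marked "(deleted)" until they are restarted.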

