A large number of cracker files with the name FOO** are created by some process. I executed the following command to find the culprit process: lsof -f -F /tmp/*
But I didn't find anything useful.
Is there any better way to catch the culprit process?
You'll want to use the audit subsystem to track down the rogue process.
lsof | grep FOO # should give a listing of processes that are creating files with the name FOO at that time
If there is no output from this, you may need to set up a cron job to do the listing every minute - I'm thinking perhaps the process is not running all the time. If nothing comes up from this, look at when the files were created:
stat FOO
Look at the owner/permissions/modification time etc. and see if something may tell you something.
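
The audit-subsystem approach suggested above, as an added example that is not part of the original thread: a watch on /tmp records every file creation together with the creating process, and the function below attributes FOO* files to their creators. The key name foo_files, the function names, and the abbreviated sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed setup (as root), not run by this script:
#   auditctl -w /tmp -p wa -k foo_files        # log writes/attribute changes under /tmp
#   ausearch -k foo_files --raw | culprits FOO

# culprits PREFIX: read raw audit records on stdin and print
# "<count> pid=.. ppid=.. uid=.. exe=.." for each process that created
# a file whose basename starts with PREFIX, busiest first.
culprits() {
  awk -v prefix="$1" '
    # Return the value of key=value in the current record, quotes stripped.
    function field(key,   i, v) {
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
          v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
        }
      return ""
    }
    { id = field("msg") }   # records of one event share msg=audit(time:serial)
    $1 == "type=SYSCALL" {
      who[id] = "pid=" field("pid") " ppid=" field("ppid") " uid=" field("uid") " exe=" field("exe")
    }
    $1 == "type=PATH" && field("nametype") == "CREATE" {
      n = split(field("name"), parts, "/")
      if (index(parts[n], prefix) == 1) hits[id]++
    }
    END {
      for (id in hits) if (id in who) count[who[id]] += hits[id]
      for (w in count) print count[w], w
    }' | sort -rn
}

# Constructed, abbreviated sample records (not from a real system).
sample_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1700000000.101:501): syscall=257 success=yes ppid=812 pid=4410 uid=33 comm="sh" exe="/usr/bin/dash" key="foo_files"
type=PATH msg=audit(1700000000.101:501): item=0 name="/tmp/" nametype=PARENT
type=PATH msg=audit(1700000000.101:501): item=1 name="/tmp/FOO01" nametype=CREATE
type=SYSCALL msg=audit(1700000001.220:502): syscall=257 success=yes ppid=812 pid=4410 uid=33 comm="sh" exe="/usr/bin/dash" key="foo_files"
type=PATH msg=audit(1700000001.220:502): item=1 name="/tmp/FOO02" nametype=CREATE
type=SYSCALL msg=audit(1700000002.007:503): syscall=257 success=yes ppid=1 pid=977 uid=0 comm="cron" exe="/usr/sbin/cron" key="foo_files"
type=PATH msg=audit(1700000002.007:503): item=1 name="/tmp/other.tmp" nametype=CREATE
type=SYSCALL msg=audit(1700000003.450:504): syscall=257 success=yes ppid=4410 pid=4431 uid=33 comm="perl" exe="/usr/bin/perl" key="foo_files"
type=PATH msg=audit(1700000003.450:504): item=1 name="/tmp/FOO03" nametype=CREATE
EOF
}

sample_log | culprits FOO
```

Because the kernel writes the record at creation time, this catches short-lived processes that a periodic lsof listing misses; the ppid field gives the next process to look at.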