Date: Thu, 07 Oct 1999 10:55:34 -0600 From: Brett Glass <brett@lariat.org> To: security@freebsd.org Subject: Random malfunction or hack? Message-ID: <4.2.0.58.19991007104520.043fbbb0@localhost>
next in thread | raw e-mail | index | archive | help
One of our servers, which runs FreeBSD, began to post a log message every five minutes indicating that a cron job had bombed. They looked like this: > pid 713 (cron), uid 0: exited on signal 10 > pid 712 (cron), uid 0: exited on signal 10 > pid 718 (cron), uid 0: exited on signal 10 > pid 721 (cron), uid 0: exited on signal 10 > pid 724 (cron), uid 0: exited on signal 10 > pid 727 (cron), uid 0: exited on signal 10 > pid 731 (cron), uid 0: exited on signal 10 The problem vanished when the system was rebooted. The only thing in the standard /etc/crontab for FreeBSD which runs every five minutes is /usr/libexec/atrun, which works with the "at" command. Are there any known exploits or rootkits that might cause "at" to bomb regularly like this? --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19991007104520.043fbbb0>