Prev: Calculating IOPS and bandwidth for a disk / disk array
Next: NeoBux - O melhor PTC do Mundo
From: Geir on 21 Sep 2009 03:25
Hi,

We have a debian box which tries to log in as root to an external server
every minute. Several users have played with this box during the last
years and we suspect that the culprit might me some weather monitoring
software which tries to upload html pages displaying the current weather
settings.

However we are unable to find the annoying script. /etc/crontab does
not contain any user-added stuff.

What do we to to display ALL automatic (cron) jobs and settings for any
user on a debian box..?

Thanks for tips on this

regards geir
From: September Storm on 21 Sep 2009 03:41
Geir wrote:

> Hi,
>
> We have a debian box which tries to log in as root to an external
> server
> every minute. Several users have played with this box during the last
> years and we suspect that the culprit might me some weather monitoring
> software which tries to upload html pages displaying the current
> weather settings.
>
> However we are unable to find the annoying script. /etc/crontab does
> not contain any user-added stuff.
>
> What do we to to display ALL automatic (cron) jobs and settings for
> any user on a debian box..?
>
> Thanks for tips on this
>
> regards geir

They should be in /var/spool/cron/<usernamehere> You can grep that
directory's files.
From: The Natural Philosopher on 21 Sep 2009 03:45
Geir wrote:
> Hi,
>
> We have a debian box which tries to log in as root to an external server
> every minute. Several users have played with this box during the last
> years and we suspect that the culprit might me some weather monitoring
> software which tries to upload html pages displaying the current weather
> settings.
>
> However we are unable to find the annoying script. /etc/crontab does
> not contain any user-added stuff.
>
> What do we to to display ALL automatic (cron) jobs and settings for any
> user on a debian box..?
>
> Thanks for tips on this
>
> regards geir

It may not be cron at all.

See what daemons are lurking that you do not recognise..

If you can catch it, netstat will reveal what process is binding to a
socket.
From: Geir on 21 Sep 2009 04:03
September Storm wrote:

> They should be in /var/spool/cron/<usernamehere> You can grep that
> directory's files.

/var/spool/cron/crontab/root contains a line:

*/5 * * * * myscript

which seems to me to only be run every 5 minutes. Isn't it so? There
is no other file under /var/spool/cron

However syslog and messages show a certain htmlgend which is run every
minute. However I don't have a clue from which script this is run (I
want to stop it :-)

So what do I do?

regards geir
From: Geir on 21 Sep 2009 04:05
The Natural Philosopher wrote:
>
> It may not be cron at all.
>
> See what daemons are lurking that you do not recognise..
>
> If you can catch it, netstat will reveal what process is binding to a
> socket.

See above post. It seems to be a certain htmlgend. I have found the
file, but how do I find out its settings and eventually stop it?

geir
 |  Next  |  Last
Pages: 1 2 3 4
Prev: Calculating IOPS and bandwidth for a disk / disk array
Next: NeoBux - O melhor PTC do Mundo