> I have a process running on one of my Raq4's called CROND. Not to be
> mistaken with crond.
>
> root 4180 0.0 0.1 1156 536 ? S 14:09 0:00 CROND
>
> I am unaware of what this process is. The latest chkrootkit shows no hacks.
>
> A reboot of the machine cleared it out but it came back again the next day.
>
> Any ideas of what this might be?
>
> Thanks
>
> Tom

CROND is part of a root kit hack. I forget which one.
http://list.cobalt.com/pipermail/cobalt-users/2001-February/038052.html

-Check your netstat output for any strange open ports.
-Check your /etc/inetd.conf file
-Check /root/.bash_history
-Also try searching for .psybnc and .crond and examine your /.tmp directories.

For additional reference see:
http://www.lucidic.net/whitepapers/sholcroft-4.1-2002.html
http://www.beimborn.com/security/chkconfig_nmap.html
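
The checks listed in the reply above, collected into a read-only triage script. This is an added example, not part of either poster's message; the function names, the `--run` switch and the file name `triage.sh` are this example's own, and it assumes a Linux host with /proc mounted.

```shell
#!/bin/sh
# Read-only triage helpers for the checks in the reply. Run as root.
# Userland tools (ps, netstat) may have been replaced on a compromised
# host, so the process check reads /proc directly.

# Print "PID EXE" for each process whose argv[0] is exactly NAME.
# argv[0] is what ps displays and a process can set it to anything;
# /proc/PID/exe links to the binary really running ("(deleted)" is
# appended if that file has been unlinked).
procs_named() {
    name=$1; proc_root=${2:-/proc}
    for d in "$proc_root"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        argv0=$(tr '\000' '\n' < "$d/cmdline" | head -n 1)
        [ "$argv0" = "$name" ] || continue
        echo "${d##*/} $(readlink "$d/exe" 2>/dev/null || echo '?')"
    done
}

# List anything named .psybnc or .crond under the given directories.
find_hidden() {
    find "$@" \( -name .psybnc -o -name .crond \) -print 2>/dev/null
}

# Print the active (non-comment, non-blank) lines of an inetd.conf.
inetd_active() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "${1:-/etc/inetd.conf}"
}

triage() {
    echo "== processes showing as CROND, with their real binary =="
    procs_named CROND
    echo "== listening sockets =="
    netstat -an | grep -i listen
    echo "== active inetd services =="
    inetd_active
    echo "== .psybnc / .crond =="
    find_hidden /
    echo "== tail of /root/.bash_history =="
    tail -n 40 /root/.bash_history
}

# Nothing runs unless asked: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

A CROND entry whose executable is not the system's cron binary, or is marked (deleted), is the one to investigate further.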
