> > I've finally found the culprit with a traditional method:
> > * md5 (binary from an uncompromised machine) on all files
> > * reinstalling from scratch (not buildworld, but really
> > installing from FTP)
> > * md5 again and diff.
>
> [snip]
>
> > Ugh... system clean again at last.
"Cordula's Web" <[EMAIL PROTECTED]> writes:
> I've finally found the culprit with a traditional method:
> * md5 (binary from an uncompromised machine) on all files
> * reinstalling from scratch (not buildworld, but really
> installing from FTP)
> * md5 again and diff.
[snip]
> Ugh... s
> > > > A file, let's say, /path/to/a/file, is being modified by
> > > > an unknown process P(u) at random times. Unfortunately,
> > > > the name of the program run by P(u) is unknown.
> Not a lock as such, but:
>
> # chflags schg /path/to/a/file
>
> should achieve the effect you desire.
On Sun, Nov 23, 2003 at 11:17:57AM +0100, Cordula's Web wrote:
> > > A file, let's say, /path/to/a/file, is being modified by
> > > an unknown process P(u) at random times. Unfortunately,
> > > the name of the program run by P(u) is unknown.
> >
> > Have you tried moving the file elsewhere
> > A file, let's say, /path/to/a/file, is being modified by
> > an unknown process P(u) at random times. Unfortunately,
> > the name of the program run by P(u) is unknown.
>
> Have you tried moving the file elsewhere and seeing if anyone
> complains about the absence?
No, P(u) obviously
> > What is the canonical way to monitor accesses to a file?
> >
> > Problem description:
> >
> >
> > A file, let's say, /path/to/a/file, is being modified by
> > an unknown process P(u) at random times. Unfortunately,
> > the name of the program run by P(u) is unknown.
> > A file, let's say, /path/to/a/file, is being modified by
> > an unknown process P(u) at random times. Unfortunately,
> > the name of the program run by P(u) is unknown.
>
> I'd think the failsafe way to approach this is with a wrapper so that when
> process P accesses file F it's really
> > What is the canonical way to monitor accesses to a file?
> You may want to take a look at 'fam,' in /usr/ports/devel/fam , as some
> of the code's already been done for this type of monitoring AFAIK...
Yes, that is a nice framework to start with. It uses help from
the kernel (imon pseudo dev
> Problem description:
>
>
> A file, let's say, /path/to/a/file, is being modified by
> an unknown process P(u) at random times. Unfortunately,
> the name of the program run by P(u) is unknown.
>
> The goal is to catch P(u) "red-handed," just the moment
> it accesses /pat
On Saturday, 22 November 2003 at 23:58:10 +0100, Cordula's Web wrote:
> Hello list,
>
> maybe someone knows the answer for the following problem already?
>
> Summary:
>
> What is the canonical way to monitor accesses to a file?
>
> Problem description:
>
>
> A file
At 05:58 PM 11/22/2003, Cordula's Web wrote:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program run by P(u) is unknown.
Being a newbie I'm going against my better judgement by offering my
thoughts. The pro
Cordula's Web wrote:
Hello list,
maybe someone knows the answer for the following problem already?
Summary:
What is the canonical way to monitor accesses to a file?
Problem description:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P
Hello list,
maybe someone knows the answer for the following problem already?
Summary:
What is the canonical way to monitor accesses to a file?
Problem description:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random tim
13 matches