Binary file created in / with same name as root password, seemingly sporadically
Jonathan Neill
TYR124840 at tyler.net
Thu Mar 4 13:11:12 PST 2004
Apologies if this is a stupid question and I should RTFM, but something on
my FreeBSD-5.1 box is creating a binary file in / with the same name as my
root password and I was curious as to what exactly this might be. (I
always SSH into the box as a regular user, then su root to do work.)
FreeBSD localhost 5.1-RELEASE FreeBSD 5.1-RELEASE #2: Sun Feb 29 21:36:25 CST 2004 jon@localhost:/usr/src/sys/i386/compile/jon i386
/# cat /etc/rc.conf
sshd_enable="YES"
ifconfig_sis0="DHCP"
inetd_enable="NO"
update_motd="NO"
enable_quotas="NO"
hostname="localhost"
/# ps x
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.01 (swapper)
1 ?? ILs 0:00.17 /sbin/init --
2 ?? DL 0:00.23 (g_event)
3 ?? DL 0:02.11 (g_up)
4 ?? DL 0:11.78 (g_down)
5 ?? IL 0:00.00 (acpi_task0)
6 ?? IL 0:00.00 (acpi_task1)
7 ?? IL 0:00.00 (acpi_task2)
8 ?? DL 0:00.00 (pagedaemon)
9 ?? DL 0:00.00 (vmdaemon)
10 ?? DL 0:00.00 (ktrace)
11 ?? RL 21:24.98 (idle)
12 ?? WL 0:02.10 (swi1: net)
13 ?? WL 0:03.77 (swi7: tty:sio clock)
15 ?? DL 0:00.94 (random)
18 ?? WL 0:00.00 (swi6: acpitaskq)
21 ?? WL 2:38.15 (irq14: ata0)
23 ?? WL 0:02.39 (irq11: sis0)
24 ?? WL 0:00.00 (irq6: fdc0)
31 ?? DL 0:20.40 (pagezero)
32 ?? DL 0:01.18 (bufdaemon)
33 ?? DL 0:02.34 (syncer)
34 ?? DL 0:00.02 (vnlru)
35 ?? IL 0:00.00 (nfsiod 0)
36 ?? IL 0:00.00 (nfsiod 1)
37 ?? IL 0:00.00 (nfsiod 2)
38 ?? IL 0:00.00 (nfsiod 3)
114 ?? Is 0:00.00 adjkerntz -i
185 ?? Is 0:00.00 /sbin/dhclient sis0
237 ?? Is 0:00.02 /usr/sbin/syslogd -s
365 ?? Is 0:00.22 /usr/sbin/sshd
385 ?? Ss 0:00.02 /usr/sbin/cron
401 ?? Is 0:00.00 /usr/local/sbin/smbd -D
403 ?? Ss 0:00.14 /usr/local/sbin/nmbd -D
440 ?? Is 0:00.05 sshd: jon [priv] (sshd)
63211 ?? Is 0:00.04 sshd: jon [priv] (sshd)
445 p0 I 0:00.02 su root
446 p0 I 0:00.09 _su (csh)
63808 p1 I+ 0:00.00 (sh)
63809 p1 I+ 0:00.01 (sh)
63216 p2 I 0:00.02 su root
63217 p2 S 0:00.04 _su (csh)
63874 p2 R+ 0:00.00 ps x
436 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
437 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2
438 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3
439 v4 Is+ 0:00.01 /usr/libexec/getty Pc ttyv4
435 con Is+ 0:00.01 /usr/libexec/getty Pc console