On Sat, Sep 02, 2006 at 04:25:34PM -0400, Matthew T. O'Connor wrote:
> Cron is sending me an email once per minute, the emails look like this:
>
> Subject:
> Cron <root@host> chown root:root /dev/shm/local/local5 && chmod 4755
> /dev/shm/local/local5 && rm -rf /etc/cron.d/core && kill -USR1 7140
>
> Body:
> chown: cannot access `/dev/shm/local/local5': No such file or directory
>
> I've un-installed and reinstalled the vixie-cron packages, I have
> verified that they are not corrupted by using rpm --verify vixie-cron, I
> have checked all the crontabs on the system there aren't any running
> every minute.
>
> I don't understand why this is happening, anyone have any insight?

Someone is either trying or already managed to exploit your machine
using CVE-2006-2451. Make sure you are using at least 2.6.9-34.0.2,
where this issue was fixed. Any version older than that is vulnerable,
and you are in deep trouble.

To manually remove the file that is triggering the cron message, check
for a file named core.XXXXX (where XXXXX is a number) inside /etc/cron.d.

-- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
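
The two checks from the reply above (running kernel against 2.6.9-34.0.2, and core.XXXXX files in /etc/cron.d) as a read-only script. This is an added example, not part of the original thread; the function names are hypothetical, and the version comparison is a simplification that assumes CentOS 4-style release strings.

```sh
# Added example (not from the thread): read-only triage for the symptom above.
# FIXED_RELEASE is the version named in the reply; function names are hypothetical.
FIXED_RELEASE="2.6.9-34.0.2"

# Succeed (exit 0) if kernel release $1 is older than $2.
# Simplification: compares only the leading numeric fields, so
# "2.6.9-34.0.2.ELsmp" is read as 2 6 9 34 0 2. Not a full RPM version compare.
release_older_than() {
    awk -v a="$1" -v b="$2" '
    function nums(s, out,    parts, n, i, k) {
        n = split(s, parts, /[.-]/); k = 0
        for (i = 1; i <= n; i++) {
            if (parts[i] !~ /^[0-9]+$/) break
            out[++k] = parts[i] + 0
        }
        return k
    }
    BEGIN {
        split("", x); split("", y); n = nums(a, x); m = nums(b, y)
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] : 0; yi = (i <= m) ? y[i] : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal releases are not older
    }'
}

# Print every regular file named core.<digits> in a cron directory.
find_cron_cores() {
    dir="${1:-/etc/cron.d}"
    for p in "$dir"/core.*; do
        [ -f "$p" ] || continue
        case "${p##*/core.}" in
            ''|*[!0-9]*) continue ;;   # suffix must be all digits
        esac
        printf '%s\n' "$p"
    done
}

# Report kernel status and any core.<digits> files; changes nothing on disk.
triage() {
    rel="${1:-$(uname -r)}"
    if release_older_than "$rel" "$FIXED_RELEASE"; then state="older than"; else state="not older than"; fi
    echo "kernel $rel is $state $FIXED_RELEASE"
    find_cron_cores "${2:-/etc/cron.d}" | sed 's/^/core file in cron dir: /'
}

triage "$@"
```

With no arguments the script checks the running kernel and /etc/cron.d; a release string and a directory can be passed to check a mounted disk image instead.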