On Wed, 2009-06-03 at 11:06 -0400, William L. Maltby wrote: > <snip> I just thought of this too. There are two IDs tracked by the system. Effective (EUID) and the real ID (UID). If the process has changed UID, by either suid bit or by program call (I think it has to start as root for that to happen?), you can run ps with a flag that will show you the real and/or EUID. That might provide a clue as well. HTH -- Bill _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: "William L. Maltby" <CentOS4Bill@xxxxxxxxxxxx>
- Date: Wed, 03 Jun 2009 11:15:41 -0400
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <1244041615.4053.11.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <12b4b01c9e40c$29fd0cc0$0301a8c0@xxxxxxxxx> <8240.75642.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1244041615.4053.11.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- References:
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: bruce
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: Linux Advocate
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: William L. Maltby
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Prev by Date: Re: Hi ALL!!!
- Next by Date: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Previous by thread: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next by thread: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Index(es):
 |