Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Backdoors etc
Top Forums UNIX for Dummies Questions & Answers Backdoors etc Post 33489 by skotapal on Tuesday 7th of January 2003 10:38:40 AM
Old 01-07-2003
Backdoors etc
Hi all
Is there a way I can detect and monitor backdoors that may be present on a system? I want to see how users can come in and if possible log their IPs and ban them from the system altogether.

Also, is there a way other than cron and at to have a script start off a program? I can see a process coming up but cannot find out how it is starting up again and again.

Much appciated....


KS
 

We Also Found This Discussion For You

1. UNIX for Advanced & Expert Users

Any backdoors?

Hello All: I left an important file on my computer in Montana (I'm in Arizona). It is running Mac OS 10.2.7. For some reason it appears file sharing is off, I don't understand how that happened because I have logged in remotely before. Can someone please tell me if there is any way to use... (7 Replies)
Discussion started by: jellegard
7 Replies

LEARN ABOUT OPENDARWIN

cron

cron(1M)                                                  System Administration Commands                                                  cron(1M)

NAME

       cron - clock daemon

SYNOPSIS

       /usr/sbin/cron

DESCRIPTION

       cron starts a process that executes commands at specified dates and times.

       You   can   specify   regularly   scheduled  commands  to  cron  according  to  instructions  found  in  crontab  files  in  the  directory
       /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once
       can be submitted using the at(1) command.

       cron  only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This
       reduces the overhead of checking for new or changed files at regularly scheduled intervals.

       As cron never exits, it should be executed only once. This is done routinely by way  of  the  svc:/system/cron:default  service.  The  file
       /etc/cron.d/FIFO file is used as a lock file to prevent the execution of more than one instance of cron.

       cron captures the output of the job's stdout and stderr streams, and, if it is not empty, mails the output to the user. If the job does not
       produce output, no mail is sent to the user. An exception is if the job is an at(1) job and the -m option was specified when  the  job  was
       submitted.

       cron and at jobs are not executed if your account is locked. Jobs and processses execute. The shadow(4) file defines which accounts are not
       locked and will have their jobs and processes executed.

   Setting cron Jobs Across Timezones
       The timezone of the cron daemon sets the system-wide timezone for cron entries. This, in turn, is  by  set  by  default  system-wide  using
       /etc/default/init.

       If  some  form  of  daylight savings or summer/winter time is in effect, then jobs scheduled during the switchover period could be executed
       once, twice, or not at all.

   Setting cron Defaults
       To keep a log of all actions taken by cron, you must specify CRONLOG=YES in the /etc/default/cron file. If you specify CRONLOG=NO, no  log-
       ging is done. Keeping the log is a user configurable option since cron usually creates huge log files.

       You  can  specify the PATH for user cron jobs by using PATH= in /etc/default/cron. You can set the PATH for root cron jobs using SUPATH= in
       /etc/default/cron. Carefully consider the security implications of setting PATH and SUPATH.

       Example /etc/default/cron file:

       CRONLOG=YES
       PATH=/usr/bin:/usr/ucb:

       This example enables logging and sets  the  default  PATH  used  by  non-root  jobs  to  /usr/bin:/usr/ucb:.  Root  jobs  continue  to  use
       /usr/sbin:/usr/bin.

       The cron log file is periodically rotated by logadm(1M).

FILES

       /etc/cron.d                     Main cron directory

       /etc/cron.d/FIFO                Lock file

       /etc/default/cron               cron default settings file

       /var/cron/log                   cron history information

       /var/spool/cron                 Spool area

       /etc/cron.d/queuedefs           Queue description file for at, batch, and cron

       /etc/logadm.conf                Configuration file for logadm

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), at(1), crontab(1), sh(1), logadm(1M), svcadm(1M), queuedefs(4), shadow(4), attributes(5), smf(5)

NOTES

       The cron service is managed by the service management facility, smf(5), under the service identifier:

       svc:/system/cron:default

       Administrative  actions  on  this  service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser-
       vice's status can be queried using the svcs(1) command.

DIAGNOSTICS

       A history of all actions taken by cron is stored in /var/cron/log and possibly in /var/cron/olog.

SunOS 5.10                                                          5 Aug 2004                                                            cron(1M)
All times are GMT -4. The time now is 01:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy