Quote:
Originally Posted by
ssachins
Is there any way to find out who (from which server) is publishing the file?
Use "ls -l <filename>" to find out which user/group the file belongs to. Then try the following:
Have a look in the crontab of this user and the root user, maybe the file is not "pushed" to the server, but "pulled". ("su" to the user and issue "crontab -l").
If you are using ssh/scp to connect between servers have a look in the users "authorized_keys" file (usually located in "~/.ssh", depending on ssh-configuration) and investigate the user/host combinations mentioned there. Check the crontabs of these users on the remote hosts too.
Set up "tcpdump" (read the manpage carefully, it can produce awful lots of output) to trace the incoming connection sending the file to its originating host, then investigate on this remote host. Start with the time around the timestamp of the file, probably its being sent every day at the same time.
I hope this helps.
bakunin