Search results

  1. K

    Suspicious process: /tmp/init -c /tmp/init12.cfg

    @Rob Thank you for your advices! About /tmp, yes, you are totally right, I should remount it with noexec,nosuid. And I am now also monitoring /tmp using auditd. I checked all the sites configured in nginx, didn't find any unknown file. Actually I may have found the cause: there is a solr...
  2. K

    Suspicious process: /tmp/init -c /tmp/init12.cfg

    Soon after the 2020 new year's holiday, I found a suspicious process on my web server: 11777 ? Ssl 30038:48 /tmp/init -c /tmp/init12.cfg It was using almost 100% cpu, and it was now shown in "netstat -plnt" output. > ls -l /tmp/init -rwxr-xr-x 1 root root 902084 Jul 16 2015 /tmp/init...
Top