"find" unix command running by itself

Networking/Security Forums -> Macintosh

Author: mk2000 PostPosted: Wed Jul 26, 2006 7:34 am    Post subject: "find" unix command running by itself
    ----
Something strange happened to my G5.

The "find" unix command started running by itself in the background.

I noticed intense disk activity and brough up top and instantly saw "find" actively running. What it was trying to find I have no idea.

I'm running Mac OS X 10.4.7 using FileVault with Spotlight turned off.

The only network service open was Windows Sharing. I use the application EasyFind to find my files but that is not suppose to run any kind of indexing service.

I immediately turned off Windows Sharing and disconnected my Ethernet.
I ran ps -aux but by the time I did it, the find command had already stopped.
I checked my logs (console, system, smb) but nothing out of the ordinary appeared.

I'm a Mac Specialist at a University but I don't recall any Macs having "find" start to run for no reason. Any ideas?

Thanks.

Fernando

Author: capiLocation: Portugal PostPosted: Wed Jul 26, 2006 8:02 am    Post subject:
    ----
Hello, mk2000, welcome to SFDC!

One possible reason for commands running without interaction is if they're being run by the cron daemon. Have you checked any cron jobs you might have? There could be some script that uses "find" to do something.

Author: Sunnet BeskermingLocation: Australia PostPosted: Tue Aug 01, 2006 8:56 am    Post subject: A couple of extra options
    ----
Hi Fernando,

It could be possible that the 'locate' command was building a locate database on one of the Windows shares and the termination of the connection prevented it from completing it's task (although it may not use 'find' to do this).

The other extreme possibility is that there might be a bug in Apple's SMB implementation similar to the one that has recently been patched in Windows and someone has connected from within the University network and somehow gained shell access (this would make it much worse than the Windows issue if it was the case, as Windows was only a DoS, not arbitrary code exec.).



Networking/Security Forums -> Macintosh


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group