From my experience this is a malicious script that has been added to cron in order to restart at different times.
I recommend looking at the file to see what it's doing, as this is most likely some type of remote shell script.
I recommend looking at the file to see what it's doing, as this is most likely some type of remote shell script.
This is all that is in it. What does it mean??
Code:
#/bin/sh
/usr/sbin/zdump -v EST5EDT | /bin/grep 2007 > /usr/local/lp/var/zdump-EST5EDT
/usr/sbin/zdump -v /etc/localtime | /bin/grep 2007 > /usr/local/lp/var/zdump-localtime
/usr/sbin/zdump -v /usr/share/zoneinfo/America/Indianapolis | grep 2007 > /usr/local/lp/var/zdump-Indianapolis
Appears to be doing some checks on the timezone. No reason to be worried about hat script. It doesn't appear to be doing anything harmful.
hi,
you can use something like this for naughty cron stuff
chmod 755 scriptname.sh
usage ./scriptname.sh [email protected]
it will show you the cronjobs from all accounts on the server so you can do something if you find anything naughty
you can use something like this for naughty cron stuff
Code:
#!/bin/sh
myemail=$1
if [ -n "$myemail" ] ; then
mycrontmp=/root/cron.tmp.$$
# get current user list
for i in `cat /etc/passwd | cut -f1 -d ':' | grep -v '#'`; do
echo "--------------------------------------------------"
echo "Username: ${i}"
echo "--------------------------------------------------"
crontab -u ${i} -l 2>&1
echo "--------------------------------------------------"
done > $mycrontmp
cat $mycrontmp | mail -s "crontab report for `hostname`" ${myemail}
rm -f $mycrontmp
else
echo "Please supply a valid email address to get the report."
exit
fiusage ./scriptname.sh [email protected]
it will show you the cronjobs from all accounts on the server so you can do something if you find anything naughty
