Is there a way to find bloody crons? Specifically one that are running every minute! Im getting hammered by some jobs that were trying to change permissions on an account, it runs everyminute, i deleted the path where it was trying to edit, i just cant find the source!
If that helps or makes any sense.... i get 1 of those emails in my queue every 30sec-1min. By the end of the day i delete thousands of them. >.< only because it doesnt go anywhere obvously. But a job is still running and i need to find out where it is some how. Any ideas? Thanks in advanced
Code:
1GQrpV-0005cn-4w-H
root 0 0
<[email protected]>
1158957661 0
-ident root
-received_protocol local
-body_linecount 2
-auth_id root
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-deliver_firsttime
-local
XX
1
[email protected]
158P Received: from root by site.mydomain.com with local (Exim 4.52)
id 1GQrpV-0005cn-4w
for [email protected]; Sat, 23 Sep 2006 06:41:01 +1000
025* From: root (Cron Daemon)
049F From: [email protected] (Cron Daemon)
009* To: root
033T To: [email protected]
099 Subject: Cron <[email protected]> [B]chown root /tmp/pwned; chmod 4755 /tmp/pwned; rm -f[/B] /etc/cron.d/core
028 X-Cron-Env: <SHELL=/bin/sh>
049 X-Cron-Env: <PATH=/usr/bin:/usr/sbin:/sbin:/bin>
025 X-Cron-Env: <HOME=/root>
027 X-Cron-Env: <LOGNAME=root>
024 X-Cron-Env: <USER=root>
056I Message-Id: <[email protected]>
038 Date: Sat, 23 Sep 2006 06:41:01 +1000
---
1GQrpV-0005cn-4w-D
chown: cannot access `/tmp/pwned': No such file or directory
chmod: cannot access `/tmp/pwned': No such file or directory
