Is there a way to monitor what users (and from what location) are running a process, for example perl?
I need to track down who's spawning 'spoof' processes that are actually perl scripts. I was thinking of some kind of script to replace /usr/bin/perl that logs the action and then passes it on to the 'real' perl (say perl.hidden)
Any ideas?
I need to track down who's spawning 'spoof' processes that are actually perl scripts. I was thinking of some kind of script to replace /usr/bin/perl that logs the action and then passes it on to the 'real' perl (say perl.hidden)
Any ideas?