mirror of
https://github.com/waytotheweb/scripts.git
synced 2026-03-29 18:07:07 +00:00
GPL v3 Release
31
csf/processtracking.txt
Normal file
@@ -0,0 +1,31 @@
|
||||
From: root
|
||||
To: root
|
||||
Subject: lfd on [hostname]: Suspicious process running under user [user]
|
||||
|
||||
Time: [time]
|
||||
PID: [pid]
|
||||
Account: [user]
|
||||
Uptime: [uptime] seconds
|
||||
|
||||
|
||||
Executable:
|
||||
|
||||
[exe]
|
||||
|
||||
|
||||
Command Line (often faked in exploits):
|
||||
|
||||
[cmdline]
|
||||
|
||||
|
||||
Network connections by the process (if any):
|
||||
|
||||
[sockets]
|
||||
|
||||
Files open by the process (if any):
|
||||
|
||||
[files]
|
||||
|
||||
Memory maps by the process (if any):
|
||||
|
||||
[maps]
|
||||
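Review bot: The only guidance on how far to trust a field is the "(often faked in exploits)" remark on the Command Line label, and nothing in the template tells the recipient which field to rely on instead. On Linux the command line is writable by the process itself while the executable path is reported by the kernel, so it is worth saying on the Executable: label that [exe] is the more reliable of the two. The file also documents none of its placeholders; a short list of the substituted tokens ([hostname], [user], [time], [pid], [uptime], [exe], [cmdline], [sockets], [files], [maps]) in accompanying documentation would help admins who customise the alert avoid dropping or misspelling one.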