mirror of https://github.com/waytotheweb/scripts.git
synced 2026-03-29 16:57:07 +00:00
32 lines
391 B
Plaintext
From: root
To: root
Subject: lfd on [hostname]: Suspicious process running under user [user]

Time: [time]
PID: [pid]
Account: [user]
Uptime: [uptime] seconds


Executable:

[exe]


Command Line (often faked in exploits):

[cmdline]


Network connections by the process (if any):

[sockets]

Files open by the process (if any):

[files]

Memory maps by the process (if any):

[maps]