Subj : Ubuntu, Crypto Malware
To   : Android8675
From : Digital Man
Date : Wed Nov 30 2022 11:53 am

  Re: Ubuntu, Crypto Malware
  By: Android8675 to Digital Man on Wed Nov 30 2022 08:27 am

 >   Re: Ubuntu, Crypto Malware
 >   By: Digital Man to Android8675 on Tue Nov 15 2022 11:51 am
 >
 >  > Re: Ubuntu, Crypto Malware
 >  > By: Android8675 to All on Tue Nov 15 2022 07:51 am
 >
 >  > > Hey all, anyone have any experience with crypto infected Linux systems?
 >
 >  > > So, before I do that I thought I might see if there's anyone who's had
 >  > > experience with this sort of thing who might be willing to take a peek?
 >
 >  > I was running a version of GitLab (a year ago?) that had an exploit
 >  > published and I was vulnerable for about 24 hours before upgrading to a
 >  > fixe
 >
 > Is there a simple way to clean out the /tmp folder in Linux, for us phlebs?

https://askubuntu.com/questions/20783/how-is-the-tmp-directory-cleaned-up

 > /var/log folder getting kindda rhobust too)

Most apps that log there should have configurable log rotation policies.

 > So I could not for the life of me figure out where the exploit was on my
 > system until I watched the process carefully. I could kill the process
 > easily enough (sudo top), but it would fire up again within 10-15 minutes.

'sudo ps aux' will display the full path to all running processes. That's how you'd know *where* it is on your system, then you start grepping for what restarts that process upon boot (if it is).
-- 
                                            digital man (rob)

Synchronet/BBS Terminology Definition #34:
FTN = FidoNet Technology Network