On Sun, Apr 20, 2003 at 11:14:41PM -0600, Bob Proulx wrote:
> GOTO Masanori wrote:
> > Well, it's hard to display package name. However
> >
> > lsof | grep dpkg-new | awk '{print $1, $8}' | sort +0
> >
> > make a list which describes what binary uses old libraries replaced by
> > dpkg. To show more user friendly, it needs to remember that what
> > library files are replaced, though.
>
> I think I see where you are going. Something like this for libc?
>
> lsof | awk '$9 ~ /^\/lib\/libc-.*.so/{print$1, $9}'
>
> And then warn the admin with a notice about those running programs?Funny, while I was on vacation I coded a check for the Tiger security tool to do just this, it's called 'check_finddeleted' [1] and will point you to processes (normal ones and daemons) that are using deleted files. It is based on an excellent article by Brian Hatch at http://www.hackinglinuxexposed.com/articles/20020507.html. Definitely, a must read :-) Regards Javi [1] http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/scripts/check_finddeleted?rev=1.1&content-type=text/vnd.viewcvs-markup
pgpTAvco749aR.pgp
Description: PGP signature
