2 Mar
2021
2 Mar
'21
21:17
On 02/03/2021 22.14, James Knott wrote:
On 2021-03-02 4:12 p.m., Carlos E. R. wrote:
Ok, so the user did exist and had actually a password and they guessed it, via ssh and many attempts. Ok, that's the important information to know. They did not make "root", so the machine probably was not compromised.
Check "crontab -e" (uses vi by default) to see if he created a cronjob.
Nothing there.
A systemd user timer, then? Something in /etc/cron.d/? -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)