lsof
is a great utility, just now started using it.
lsof -i | grep smtp
=> this give the following result.
httpd.pl 212548 global 3u IPv4 893092369 0t0 TCP server07.host...blah...
In the above example, httpd.pl
is perl script, which sends spam emails.
How can I know the full path of the command. i.e in the above result, I want to know the full path of httpd.pl
I tried searching in home dir, the file httpd.pl
is not there.
and also, I tried with lsof -p PID
, this also does not give the path to it.
Is there any way, I can get the full path of that file ?
Note: This kind of problem is very common in shared hosting environment. So, it will be very useful for shared hosting or any web server administrator.
Best Answer
One way could be to examine the files opened by that process. Of the types shown in the
FD
column oflsof
:So, try:
For scripts, this does show the path of the interpreter used (such as
/bin/bash
). For shell scripts, the script file seemed to be open on fd 255 on my system, but for Perl scripts, there was no mention of the script file at all inlsof
output.