I have Ubuntu 12.04 with latest updates running. I found that I had /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d running a lot so starting digging into it. The file doesn’t exist. When I started grep to find where it was coming from, I had two perl scripts masked as image files:
/usr/share/webmin/apache32.ico.1:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d");
/usr/share/webmin/apache.png:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d");
Is this a known vulnerability or any idea how I got this?
Thanks,
Alan