Well that's another reason, why we haven't gone with the patch installation, because the description of the patch doesn't mentioned anything about the scenario we are encountering.... So look I have the following script:
# mv /usr/bin/kill /usr/bin/kill.old
# cd /usr/bin
# vi kill
#!/sbin/sh
echo "***" >> /kill.test
echo "Process $$ called /usr/bin/kill" >> /kill.test
ps -ef | sort >> /kill.test
ps -ef | grep $$ >> /kill.test
/usr/bin/kill.orig ├в $@├в
I am able to log to the kill.test file who kills the cron daemon, but only when someone or something uses the full pathed kill command /usr/bin/kill, how can I make this work also if someone uses the regular kill command, just like # kill
, example a person that kills the daemon intentionally?
