Upon running htop I found two strange processes running on my machine which have the following commands:
/bin/sh -c npm run serve
and sh -c node src/index.js
and some other for a Python script.
These were run under "root", to which I have access, but none of those scripts seem to exist.
How exactly can I check on the contents of the script being executed or at the very least check on what those scripts are doing?
I know about /proc but I can't find anything there that could be of any help. Only the cmdline that I've put above. I'd like to know the contents / logic being executed by those scripts and their paths / location from where the command was executed or something of the like that could help me decide if these processes are legit or malicious.
So how exactly can I do this? Please answer in detail if you mention the usage of some Linux command or tool.
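
The /proc entries besides cmdline that hold the location information asked about, gathered by a small script. This is an added example, not part of the original post; the function names are made up here, and it assumes a Linux /proc and root access for processes owned by other users.

```shell
#!/bin/sh
# Constructed example: summarise what /proc records about one process.

proc_field() {   # proc_field PID KEY -> first value of "KEY:" in /proc/PID/status
    awk -v k="$2:" '$1 == k { print $2; exit }' "/proc/$1/status" 2>/dev/null
}

proc_report() {  # proc_report PID -> key=value lines, status 1 if PID is gone
    pid=$1
    [ -r "/proc/$pid/status" ] || { echo "error=no such process $pid"; return 1; }
    echo "pid=$pid"
    echo "ppid=$(proc_field "$pid" PPid)"
    echo "uid=$(proc_field "$pid" Uid)"
    # cmdline is NUL-separated; print it with spaces instead
    echo "cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline")"
    # cwd: the directory a relative path such as src/index.js is resolved against
    echo "cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null)"
    # exe: the binary actually running; ends in " (deleted)" if it was
    # unlinked after the process started
    echo "exe=$(readlink "/proc/$pid/exe" 2>/dev/null)"
    # If this differs from /proc/1/ns/mnt, the paths above belong to another
    # mount namespace (a container) and are reachable via /proc/PID/root/
    echo "mntns=$(readlink "/proc/$pid/ns/mnt" 2>/dev/null)"
}

proc_ancestry() {  # proc_ancestry PID -> "pid name" for PID and each ancestor
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null \
          && [ -r "/proc/$pid/status" ]; do
        echo "$pid $(proc_field "$pid" Name)"
        pid=$(proc_field "$pid" PPid)
    done
}

# Usage, with the PID taken from htop:
#   proc_report 1234; proc_ancestry 1234
```

The ancestry output shows what launched the process (for example a service manager, a cron job or a container runtime), and `cat /proc/PID/root/<cwd>/src/index.js` reads the script itself when it lives in another mount namespace.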