There may be earlier exploitation, but “find / -mtime -4” is a good way to look for weekend #log4j carnage on your Linux servers. RCE is likely unprivileged, so focus first on [/var]/tmp, /dev/shm, and similar world-write directories.
2
45
102
The units for "-mtime" etc are in days
Dec 13, 2021 · 6:56 PM UTC
3

