Hacker News

hmokiguess yesterday at 2:21 PM

What’s the best way to identify a compromised machine? Check uv, conda, pip, venv, etc across the filesystem? Any handy script around?

EDIT: here's what I did, would appreciate some sanity checking from someone who's more familiar with Python than I am, it's not my language of choice.

  find / -name "litellm_init.pth" -type f 2>/dev/null

  find / -path '*/litellm-1.82.*.dist-info/METADATA' -exec grep -l 'Version: 1.82.[78]' {} \; 2>/dev/null
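
The two checks above, as an added Python example that is not part of the original post: it walks a tree for `litellm_init.pth` and for litellm `METADATA` files whose `Version` header is exactly 1.82.7 or 1.82.8, reading only the header block so a version quoted in the description body is not a hit. The names `scan` and `make_sample_tree` and the sample layout are constructed for illustration.

```python
import os
import sys
from email.parser import HeaderParser

PTH_NAME = "litellm_init.pth"        # file name from the post
BAD_VERSIONS = {"1.82.7", "1.82.8"}  # versions matched by the post's grep


def scan(root):
    """Return sorted (kind, path) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        if PTH_NAME in files:
            findings.append(("pth", os.path.join(dirpath, PTH_NAME)))
        base = os.path.basename(dirpath).lower()
        if not (base.startswith("litellm-") and base.endswith(".dist-info")):
            continue
        meta = os.path.join(dirpath, "METADATA")
        try:
            with open(meta, encoding="utf-8", errors="replace") as fh:
                # Parse only the header block, so a version string quoted in
                # the long description cannot cause a false hit.
                hdr = HeaderParser().parse(fh)
        except OSError:
            continue
        name = (hdr.get("Name") or "").strip().lower()
        if name == "litellm" and (hdr.get("Version") or "").strip() in BAD_VERSIONS:
            findings.append(("version", meta))
    return sorted(findings)


def make_sample_tree(root):
    """Constructed test layout: one affected venv, one clean venv."""
    layout = {
        "a/site-packages/litellm_init.pth": "# constructed placeholder\n",
        "a/site-packages/litellm-1.82.8.dist-info/METADATA":
            "Metadata-Version: 2.1\nName: litellm\nVersion: 1.82.8\n\nbody\n",
        "b/site-packages/litellm-1.82.6.dist-info/METADATA":
            "Metadata-Version: 2.1\nName: litellm\nVersion: 1.82.6\n\n"
            "Changelog mentions Version: 1.82.7\n",
    }
    for rel, text in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    for kind, path in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(kind, path)
```

Run it with a directory argument to limit the walk; without one it starts at `/`, like the `find` commands.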


Replies

persedes yesterday at 2:27 PM

there's probably a more precise way, but if you're on uv:

  rg litellm  --iglob='*.lock'

lukewarm707 yesterday at 4:46 PM

these days, i just use a private llm. it's very quick and when i see the logs, it does a better job than me for this type of task.

no i don't let it connect to web...