own listing procedure. Logically that is not likely to be. Might be
that the read permission for that folder was revoked? But that will
also result in failing of listing in SSH terminal. You could try do
the following to be sure if the `ls' binary was really changed.
$cd /val/log
$echo *
If this result in a list of files then you can safely assume that the
binary is questionable. If you have a box that has similar
installation then you can try and compare the binary checksum. Try the
following
In the questionable box do:
#md5sum /bin/ls
and do the same in a clean box.
Output of the command should be something like this:
sunapp:/export/home/mark# md5sum /bin/ls
415c51fb1840609202155d8c9ae97af3 /bin/ls
Then compare the two checksums. If the system is really hacked then
there is no definite way to recover. Best way is to periodically take
backup of important data and to keep a checksum of binary files. So
that you can cross match with that when required.
--- In [email protected], Faysal Abedin <[EMAIL PROTECTED]> wrote:
>
> Thanks to Mohammad Vai for ur good advice.
>
>
>
> beeplove <[EMAIL PROTECTED]> wrote:
> The way you have described your situation, I would say yes somehow
> your 'ls' has changed. I am assuming, you ran ls -al, tail -f and
ssh
> using same account.
>
> Someone may has got access to your computer without your awareness.
In
> that case, I would rather reinstall everyting after keeping backup
of
> necessary data. If you dont have important data in your computer,
you
> can play with it to see what it is doing, is it listening any
> sucpicious port or any suspecious program running on background.
> Before do that, you also need to have a good copy of ls, ps,
netstat,
> top and ofcource your favorite shell, like bash.
>
> good luck !
>
>
> Mohammad
>
>
> --- In [email protected], shahin012 <no_reply@> wrote:
> >
> > hi groups,here i m facing a criticul problem at my linux server.
when i
> > m using ls -la command at /var/log/... then i cant view any files
but
> > when i m using tail -f /var/log/message or all files then i can
view
> > all.
> > anotherhand whn i m using ssh with graphical mode then i can view
all
> > files have inside the /var/log/... folder.
> > have any idea why this is happening.if i m hacked by somehow then
how
> > can i overcome from this problem
> >
>
>
>
>
>
>
> To unsubscribe send a blank mail to:
> [EMAIL PROTECTED]
>
>
>
> ---------------------------------
> YAHOO! GROUPS LINKS
>
>
> Visit your group "bdlug" on the web.
>
> To unsubscribe from this group, send an email to:
> [EMAIL PROTECTED]
>
> Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service.
>
>
> ---------------------------------
>
>
>
>
>
> ---------------------------------
> Celebrate Earth Day everyday! Discover 10 things you can do to help
slow climate change. Yahoo! Earth Day
>
> [Non-text portions of this message have been removed]
>
To unsubscribe send a blank mail to:
[EMAIL PROTECTED]
SPONSORED LINKS
| Bangladesh | Linux user | Dhaka bangladesh |
YAHOO! GROUPS LINKS
- Visit your group "bdlug" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
