On Fri, Sep 01, 2000 at 02:39:04PM -0400, Wesley A. Wannemacher wrote: > I have a Linux machine that has been recently > rooted. I have found many strange things on the > > Why is there an extra '..'? There was also a
Most likely one of them is really named ".. " or something like that. Check for spaces in the name. As far as recovery goes though: you may wish to continue looking around the box and keep the data for forensic purposes, but I wouldn't put this machine back online as-is. Your best bet is to back up the user data you need to keep, maybe some of /etc/ too, and then wipe the disk and re-install. Make sure you thoroughly inspect any of the old data your restore from the old system, looking for such things as suid binaries in home dirs, etc.. Also you should be wary of whatever daemons you'd been running. named as root? sendmail? etc..
