rpm -Via .. or something along those lines (look at the man page) will show you all the changed files. From there you check which package a given file belongs to - rpm -qf /bin/login (for example) - and you install the package with rpm -Uvh --force package-shalala.i386.rpm. As for the hidden processes and files - I don't know how you would search for them.
hth.
B.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 18, 2002 1:26 PM
Subject: lug-bg: rootkit

> Hello, I have been administering an RH 7.2 server for a few days. I noticed
> an open port 199 (smux), which I found strange because smux is an obsolete
> protocol and the service was not being started in any of the init scripts.
> The server was running rpc.statd, telnet and webmin; I assume the hacker
> broke in through there. The network interfaces are also set to promisc
> mode. Ifconfig has been recompiled, because it puts every new iface in
> promisc mode. I changed the root password, filtered port 199, removed
> telnet, webmin, etc. Chkrootkit showed that there is 1 hidden file and
> 1 hidden process. I downloaded kstat to see which kernel modules are being
> loaded and also to see all processes, but unfortunately kstat does not want
> to compile on RH 7.2, and the kstat homepage http://s0ftpj.org is down.
> If anyone can help me by recommending some similar tool, or by giving me
> a direction for further action, I will be extremely grateful.
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
> ===========================================================================
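The verify / find-owner steps from the reply, as an added example that is not part of the original thread. The function names and the sample `rpm -Va` output are constructed for illustration; the `--live` mode assumes the suspect filesystem is mounted from rescue media and passed as the root, so that the rpm binary doing the checking is not the one on the compromised disk.

```shell
#!/bin/sh
# Triage `rpm -Va` output: keep only files whose content changed or that are
# missing, skip config files, then map each path to its owning package.

# Constructed sample of `rpm -Va` output (not taken from the server above).
sample_verify_output() {
cat <<'EOF'
S.5....T   /bin/login
S.5....T   /sbin/ifconfig
S.5....T c /etc/inittab
.......T   /usr/share/doc/foo/README
missing    /usr/bin/chfn
.M......   /var/spool/mail
EOF
}

# Read `rpm -Va` output on stdin and print the paths worth investigating.
# Paths containing spaces are not handled (only the last field is printed).
changed_binaries() {
    awk '
        $1 == "missing" { print $NF; next }
        # Third character of the attribute string is "5" on a digest mismatch.
        substr($1, 3, 1) == "5" {
            if (NF == 3 && $2 == "c") next   # config files change legitimately
            print $NF
        }
    '
}

# Read paths on stdin and print the owning packages, one per line.
# $1 is the root of the suspect filesystem (assumption: e.g. a rescue mount).
# The RPM database under that root can itself be tampered with, so reinstall
# from known-good media rather than from packages found on the host.
owning_packages() {
    root=${1:-/}
    while IFS= read -r path; do
        rpm --root "$root" -qf "$path" 2>/dev/null || echo "unowned: $path"
    done | sort -u
}

if [ "${1:-}" = "--live" ] && command -v rpm >/dev/null 2>&1; then
    rpm --root "${2:-/}" -Va 2>/dev/null | changed_binaries | owning_packages "${2:-/}"
else
    sample_verify_output | changed_binaries
fi
```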
