On Tue, May 14, 2002 at 11:40:19PM -0700, Ina Patricia Lopez wrote: > hi! > im trying to remove sshd from my system and will replace by a new > copy but im getting this results.....why is this so?
Someone might have rootkitted your system. I've seen the same thing happen to a box at Inter.Net a few months before I left employment there. There are rootkits that place a trojaned SSHv1 daemon that has a backdoor. This sshd is placed in /usr/local/sbin and is chattr'ed to readonly so not even root can replace it. Chances are even chattr and lsattr have been doctored to prevent you from fixing the damage. It's time to look more carefully at the system logs to see what has happened in recent days and then backup any significant data then reinstall your system. -- Rafael R. Sevilla <dido at imperium dot ph> +63(2)8123151 Software Developer, Imperium Technology Inc. +63(917)4458925 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
