Having been in this boat I can say I sympathize. Your only safe
solution, especially given the knowledge of this hacker is a total
reformat. With that not being possible I would suggest taking off
the essential files to a backup, clean installing and then replacing
the essential files that you saved. Afterwards Tripwire and a
Security Plan. Again all learned the hard way. It sucks but it is
the only way.
Best,
Kevin
>All,
>
>The hacker who gained access to our system has me
>baffled.. I can't delete many files on the FS as root
>even using a clean copy of rm. At first I thought
>perhaps chattr.. but a clean copy of lsattr shows
>they're not locked. Yet I still can't delete their
>hacked versions of /bin/login, etc. Is there anything
>else I can do to delete these files? I need to
>reinstall some key RPM's to cleanse the system for
>now... and RPM dies 'cause it can't delete the files
>either. This is becoming more than a major problem
>for us :-(
>
>TIA,
>
>Adrian
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Auctions - Buy the things you want at great prices.
>http://auctions.yahoo.com/
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
________________________________________________________________________________
"The Internet treats censorship as damage and routes around it"
InterNetWorkingSolutions
Your home for Business and Personal Computing Solutions
PO Box 152, Cabot, VT 05647 USA
VOICE: 888.726.9030
FAX: 888.726.9030
General Information: [EMAIL PROTECTED]
Website Hosting: [EMAIL PROTECTED]
Systems Administration Services : [EMAIL PROTECTED]
Technical Support & Training Services: [EMAIL PROTECTED]
________________________________________________________________________________
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
