Re: Re: root is unable to change file permissions!
Incoming from Andreas Hatz: Thanks for the tip re the chkrootkit. There are a couple of warnings: Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed Checking `lkm'... You have 3 process hidden for ps command Warning: Possible LKM Trojan installed This is great info, but now I need to find a way to get rid of them. Actually, you need a resource to explain what it found. See the chkrootkit mailing list archives at: http://marc.theaimsgroup.com/?l=chkrootkit-users -- Any technology distinguishable from magic is insufficiently advanced. (*)http://www.spots.ab.ca/~keeling Please don't Cc: me. - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: root is unable to change file permissions!
Hello Robert, when running lsattr I get mostly -- with a few exceptions: ns:/bin# lsattr suSiadAc-- /bin/ls suSiadAc-- /bin/login suSiadAc-- /bin/netstat suSiadAc-- /bin/ps also, ns:/bin# lsattr /sbin suSiadAc-- /sbin/ifconfig Doesn't look too good for security. I have done a chattr -ASacdistu on all relevant directories, but I aggree that this is a short term fix only. Thanks all who gave advice on this one. Learnt something new after almost 10 years of linux sysadmin. Cheers, Andreas
Re: Re: root is unable to change file permissions!
Hello Jurgen, Thanks for the tip re the chkrootkit. There are a couple of warnings: Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installedChecking `lkm'... You have 3 process hidden for ps commandWarning: Possible LKM Trojan installed This is great info, but now I need to find a way to get rid of them. Cheers, Andreas