Incoming from Andreas Hatz:
Thanks for the tip re the chkrootkit. There are a couple of warnings:
Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit
installed
Checking `lkm'... You have 3 process hidden for ps command
Warning: Possible LKM Trojan installed
On Fri, Jun 03, 2005 at 08:04:17PM +1200, Andreas Hatz wrote:
We have an interesting phenomenon occuring on one of our servers. We
have noticed that two files in the /bin directory have had their
executable permissions removed and we are unable to chmod the files as
root.
Check the output
On Fri, 2005-06-03 at 20:04 +1200, Andreas Hatz wrote:
Hello Debain Users,
We have an interesting phenomenon occuring on one of our servers. We
have noticed that two files in the /bin directory have had their
executable permissions removed and we are unable to chmod the files as
root.
Try to run a chkrootkit, to see if some niaries are replaced.
Also, how about the mounts, is /bin probably a mount, or is
/bin/login a symlink to a ro filesystem?
Jurgen
Hello Debain Users,
We have an interesting phenomenon occuring on one of our servers. We have
noticed that two files in
Using lsattr, see is the immutable flag has been set. Normally, no flags
should be set:
[EMAIL PROTECTED]:~ lsattr *.txt
- 34sp-userguide.txt
If the immutable flag has been set, you can unset it with
chattr -i filename
See man lsattr and man chattr.
While this will
Hello Robert,
when running lsattr I get mostly --
with a few exceptions:
ns:/bin# lsattr
suSiadAc-- /bin/ls
suSiadAc-- /bin/login
suSiadAc-- /bin/netstat
suSiadAc-- /bin/ps
also,
ns:/bin# lsattr /sbin
suSiadAc-- /sbin/ifconfig
Doesn't look too good for
Hello Jurgen,
Thanks for the tip re the chkrootkit. There are a
couple of warnings:
Searching for t0rn's v8 defaults... Possible t0rn
v8 (or variation) rootkit installedChecking `lkm'... You
have 3 process hidden for ps commandWarning:
Possible LKM Trojan installed
This is great info,
7 matches
Mail list logo