TR: Root can't delete filesFrom: Tosoni (email@example.com)
- Previous message: Antoine Pouch: "Re: SQL Access Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <01C159B5.E8B1BEC0@jp> From: Tosoni <firstname.lastname@example.org> To: "'email@example.com'" <firstname.lastname@example.org> Subject: TR: Root can't delete files Date: Sat, 20 Oct 2001 22:23:51 +-200
Thanas wrote :
> I had already replaced the kernel (no module support now!) and everithing under:
I have been troyaned twice in the beginning of this year with a rootkit that attacked /bin/login and other executables as well. Very similar to your problem.
I advise you that I found troyan files in some unexpected directories, namely /dev and /usr/lib.
I reloaded the whole O.S. so I am now "safe", but if you don't do that you MUST check for unexpected files and/or hidden files and directories in other places on your system. You could also establish a list of ALL your actual files and check it against the list of files you installed from archives.
My intruder also tampered with my RPM database, so don't rely too much on the validity of this. Check the update time of the RPM database as a first hint.