Re: LKM Trojan installed

From: Nick Austin (nick@digitalpipe.net)
Date: 02/18/03

  • Next message: Chris Rouch: "Re: LKM Trojan installed"
    Date: Tue, 18 Feb 2003 13:35:12 -0800 (PST)
    From: Nick Austin <nick@digitalpipe.net>
    To: "Rivanor P. Soares" <rivanor@bol.com.br>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Wed, 12 Feb 2003, Rivanor P. Soares wrote:

    > 5) And, is this *normal* ?
    > [root@localhost /]# lsattr -d /proc/
    > lsattr: Inappropriate ioctl for device While reading flags on /proc/

    Yes, this is normal. I see the same thing on my box.

    > 7) Unfortunately, I don't have access, yet, to a CD like Knoppix. :(

    You can boot off rh8.0 in rescue mode if you want, or just use the "Super
    Rescue" CD to do things like this.

    Also, you might want to try running a command like
    "rpm -Va" under the recovery console on RedHat.

    And for your reference, This is from my system

    $ rpm -q rpm
    rpm-4.1-1.06

    $ md5sum /bin/rpm
    912add6d3d415c5d6c0fc5115f830b71 /bin/rpm
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    Comment: Made with pgp4pine 1.76

    iD8DBQE+UqcVHmiYOiU4APYRAhD6AKDlFUtUBhnrHAZl0BWJry8qaqtwFgCg7phR
    4O/lQpeBYct9j9OeUca5OrQ=
    =ytnD
    -----END PGP SIGNATURE-----