Re:Root can't delete files
From: Nick Edens (nedens@checkerdist.com)Date: 10/10/01
- Previous message: Francisco Jose C Figueiredo: "Re: VPN Question"
- Next in thread: Josh More: "Re:Root can't delete files"
- Reply: Josh More: "Re:Root can't delete files"
- Reply: Pradu: "Re:Root can't delete files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: SECURITY-BASICS@SECURITYFOCUS.COM From: "Nick Edens" <nedens@checkerdist.com> Date: 10 Oct 2001 13:29:00 -0400 Subject: Re:Root can't delete files Message-Id: <JA8AAAAAABkKuwABYQABVF9A4NhU@checkerdist.com>
It sounds to me like your intruder changed more than just the /bin/login file.
I would do a os rebuild and only restore data from your tapes. That is assuming
that you make regular backups.
- Nick Edens
Checker Distributors
"The weak have one weapon: the errors of those who think they are strong."
Georges Bidault (1899-1983); French resistance leader
Thanas (10/10/01 6:02 AM):
>Hi,
>
>after an intrusion in a linux system (2.2) using (I suppose) a
>vulnerability in bind 8.2.2 I've experienced a strange behaviour:
>
>the attacker installed a corrupted version of /bin/login and when
>i typed:
>
># mv /safe/version/path/login /bin/login
>
>I just obtained the message 'Operation not permitted' ... How is
>it possible ? I had to use low level tools directly on the ext2
>filesystem to delete that file ...
>
>thanks
- Previous message: Francisco Jose C Figueiredo: "Re: VPN Question"
- Next in thread: Josh More: "Re:Root can't delete files"
- Reply: Josh More: "Re:Root can't delete files"
- Reply: Pradu: "Re:Root can't delete files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
