Re: hidden files
From: simon (simon_at_nowhere.com)
Date: 01/28/05
- Next message: John Thompson: "Re: unsuccessful hacking attempt at my machine"
- Previous message: Tim Haynes: "Re: One-box, one-user: could I have done it all with chkconfig?"
- In reply to: Tim Haynes: "Re: hidden files"
- Next in thread: Mike: "Re: hidden files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Jan 2005 14:19:20 +1300
Tim Haynes wrote:
> "mat" <mat_bike@yahoo.com> writes:
>
>
>>Perhaps, a rootkit was used. Thanks for the insight and the site. I will
>>go and check it out.
>
>
> While I'm passing by, if you're on an RPM-based distribution, `rpm -Vva'
> will verify all packages installed. Be particularly on your guard for
> things such as ls and ps and find (and anything in a bin/ directory)
> appearing as modified in the output list.
>
> If your /bin/ls has been modified, that would certainly explain why you
> can't see certain files. The alternative approach often used by a rootkit
> is to install a kernel module (LKM for short) that blocks-off access or
> redirects it to other files (so the /bin/ls you see is not the /bin/ls you
> exec()).
>
> ~Tim
Well, one easy way to bypass all rootkits is to boot off a Linux-on-CD
system, e.g. Knoppix/Ubuntu for a fully-featured system or many other
choices for slimmed-down environments.
You will then definitely have access to all files on the target system.
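
The two suggestions in this thread combine: from the live CD, the installed packages can be verified against the mounted disk and the output filtered for binaries. The following is an added example, not part of the original posts; the mount point /mnt/target, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Filter `rpm -Va` output for changed or missing files in bin/ and sbin/
# directories (ls, ps, find and friends).
# Each input line is a flags string such as "S.5....T.", an optional
# one-letter marker (c, d, g, l, r), then the path; or "missing" and the path.
# Paths containing spaces are not handled.
flag_suspect_binaries() {
    awk '
    {
        path = $NF
        if (path !~ /\/s?bin\//) next          # keep only bin/ and sbin/ paths
        if ($1 == "missing") { print "MISSING  " path; next }
        if ($1 ~ /^\.+$/) next                 # all dots: verified unchanged
        if (index($1, "5")) print "DIGEST   " path    # file content differs
        else if ($1 ~ /[MUG]/) print "PERMS    " path # mode, owner or group differs
        # size/mtime-only differences are skipped as low signal
    }'
}

# Constructed sample of verify output, so the filter can be tried offline.
sample_verify_output() {
    cat <<'EOF'
.........    /bin/cat
S.5....T.    /bin/ls
..5....T.    /bin/ps
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/sbin/sshd
missing      /usr/bin/find
.......T.    /usr/bin/less
EOF
}

# Demo on the constructed sample. Real use from the live CD (assumed mount point):
#   rpm --root /mnt/target -Va | flag_suspect_binaries
sample_verify_output | flag_suspect_binaries
```

The RPM database being checked against lives on the same disk as the suspect system, so a clean result does not prove the binaries are untouched; comparing against packages from trusted install media is stronger.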