Re: Can't remove file as root
From: Michael Heiming (michael+USENET@heiming.de)Date: 02/23/02
- Next message: GRuB: "Re: Can't remove file as root"
- Previous message: Teddy: "Can't remove file as root"
- In reply to: Teddy: "Can't remove file as root"
- Next in thread: GRuB: "Re: Can't remove file as root"
- Reply: GRuB: "Re: Can't remove file as root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Michael Heiming <michael+USENET@heiming.de> Date: Sat, 23 Feb 2002 14:16:02 +0100
Teddy (<3C778B2D.E6307E50@bla.bla>):
> I have the problem, that I can't remove a file as root anymore,
> and I don't know why. The file was replaced by a hacker.
>
> root@host:/bin # ls -l ps
> -rwxr-xr-x 1 root root 13583 Feb 9 01:04 ps
> root@host:/bin # rm ps
> rm: remove `ps', overriding mode 0755? y
> rm: ps: Operation not permitted
> root@host:/bin # chmod 0700 ps
> chmod: ps: Operation not permitted
Try:
lsattr /bin/ps
However, there is no way for you to clean up your system, you need
to install from scratch and apply the latest patches for your
distro, before you bring the box online again. Unplug it NOW from
the internet!
5.6) I've been compromised, what should I do?
http://www.linuxsecurity.com/docs/colsfaq.html#5.6
Michael Heiming
-- Remove the +SIGNS case mail bounces.
- Next message: GRuB: "Re: Can't remove file as root"
- Previous message: Teddy: "Can't remove file as root"
- In reply to: Teddy: "Can't remove file as root"
- Next in thread: GRuB: "Re: Can't remove file as root"
- Reply: GRuB: "Re: Can't remove file as root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
