Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Christian Lox (loxnetzwerkplanet.de)
Date: Tue Jul 02 2002 - 13:04:41 CDT
Roman Drahtmueller wrote:
> If you use ext2fs on the filesystem in question, then the intruder may
> have used an ext2-specific extension to keep you from removing the files.
> Try lsattr on the directory and the files to see if the immutable flag was
> set, and remove the flags with chattr.
But isn´t it somewhat naive to believe this machine is usable after
this? I mean, he wrote about a compromised machine (rootkit).
I would not trust this machine at all, and suggest a completely new
-- Ein Kreis ist ein rundes Quadrat.
netzwerkplanet. --- Düsseldorf voice: 0211-9764091 mail: contactnetzwerkplanet.de PGP Key available
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here