OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Christian Lox (loxnetzwerkplanet.de)
Date: Tue Jul 02 2002 - 13:04:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Roman Drahtmueller wrote:

    >
    >
    > If you use ext2fs on the filesystem in question, then the intruder may
    > have used an ext2-specific extension to keep you from removing the files.
    > Try lsattr on the directory and the files to see if the immutable flag was
    > set, and remove the flags with chattr.
    >

    But isn´t it somewhat naive to believe this machine is usable after
    this? I mean, he wrote about a compromised machine (rootkit).
    I would not trust this machine at all, and suggest a completely new
    install.

    Christian 

    -- 
Ein Kreis ist ein rundes Quadrat.

    netzwerkplanet. --- Düsseldorf
voice: 0211-9764091   mail: contactnetzwerkplanet.de
PGP Key available

    -- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here