From: Bass, Bernd (Bernd.Bass@eads-dsn.com)
Date: Wed Oct 10 2001 - 12:09:58 CDT
Hi,
Maybe the intruder used the "chattr" application.
With this application you can protect your files and directories...
See the man page.
Bernd
Best regards
Bernd Bass
AEG Mobile Communication
Wilhelm-Runge-Str. 11, D-89081 Ulm
Web: www.amc.de
e-mail: Bernd.Bass@eads-dsn.com
A company of
-----Original Message-----
From: Thanas [mailto:thanas@infinito.it]
Sent: Wednesday, October 10, 2001 12:03
To: Focus Linux
Subject: Root can't delete files
Hi,
After an intrusion in a Linux system (2.2) using (I suppose) a
vulnerability in BIND 8.2.2, I've experienced a strange behaviour:
the attacker installed a corrupted version of /bin/login and when
I typed:
# mv /safe/version/path/login /bin/login
I just obtained the message 'Operation not permitted' ... How is
it possible? I had to use low level tools directly on the ext2
filesystem to delete that file ...
thanks
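
An added example, not part of either message: if the chattr explanation suggested in the reply applies, the file carries the ext2 immutable attribute, and `lsattr` will show it. The function name `flagged_files` and the sample `lsattr` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files that carry the immutable (i) or
# append-only (a) attribute by parsing `lsattr` output on stdin.

# Constructed sample of `lsattr` output (not taken from the thread).
SAMPLE_LSATTR='-------------e-- /bin/ls
----i--------e-- /bin/login
-----a-------e-- /var/log/messages
lsattr: Operation not supported While reading flags on /bin/sh'

# flagged_files: print "<attribute><TAB><path>" for every file that
# even root cannot replace or delete until the attribute is cleared.
flagged_files() {
    while IFS= read -r line; do
        flags=${line%% *}    # first field: attribute string
        path=${line#* }      # remainder: file name (may contain spaces)
        # Skip empty lines and lsattr error lines ("lsattr: ...").
        case $flags in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        case $flags in
            *i*) printf 'immutable\t%s\n' "$path" ;;
        esac
        case $flags in
            *a*) printf 'append-only\t%s\n' "$path" ;;
        esac
    done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LSATTR" | flagged_files

# On a live system (as root), the equivalent check and cleanup would be:
#   lsattr /bin /sbin 2>&1 | flagged_files
#   chattr -i /bin/login      # clear the immutable attribute
#   mv /safe/version/path/login /bin/login
```

Run the check from trusted media where possible, since `lsattr` and `chattr` on a compromised host may themselves have been replaced.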