the problem is, that i cannot delete or change a file, that was written or modified by a root-kit on our server. the normal approach doesnt work. the facts: im logged in as root. i cannot chown the file. i cannot chmod the file. i cannot rm the file.
any suggestions ?? thank you, r.frechen
If you use ext2fs on the filesystem in question, then the intruder may have used an ext2-specific extension to keep you from removing the files. Try lsattr on the directory and the files to see if the immutable flag was set, and remove the flags with chattr. Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -