the problem is, that i cannot delete or change a file, that was written or modified by a root-kit on our server. the normal approach doesnt work. the facts: im logged in as root. i cannot chown the file. i cannot chmod the file. i cannot rm the file.
any suggestions ?? thank you, r.frechen
If you use ext2fs on the filesystem in question, then the intruder may
have used an ext2-specific extension to keep you from removing the files.
Try lsattr on the directory and the files to see if the immutable flag was
set, and remove the flags with chattr.
Roman.
--
- -
| Roman Drahtmüller