2 Jul
2002
2 Jul
'02
18:04
Roman Drahtmueller wrote:
If you use ext2fs on the filesystem in question, then the intruder may have used an ext2-specific extension to keep you from removing the files. Try lsattr on the directory and the files to see if the immutable flag was set, and remove the flags with chattr.
But isn´t it somewhat naive to believe this machine is usable after this? I mean, he wrote about a compromised machine (rootkit). I would not trust this machine at all, and suggest a completely new install. Christian -- Ein Kreis ist ein rundes Quadrat. netzwerkplanet. --- Düsseldorf voice: 0211-9764091 mail: contact@netzwerkplanet.de PGP Key available