Thomas Lamy wrote:
No, it's just your binaries are swapped with those from the root-kit, and these hide themselves... Get those binaries from a safe machine (better CD-ROM) into a temporary directory (for forensic analysis, do not overwrite any binaries nor reboot the machine!), and try it again with those safe binaries. You may also do an "rpm --verify -a > /tmp/some/file" to check the md5-hashes of all installed packages, to see if and which binaries on your system have been replaced by the attacker's root-kit.
(SH...T) OK, can I run these tools from my laptop connected to the f....ed machine via ethernet? (I can use the live CD, so those binaries on the laptop machine will not have the possibility to be hacked.)
Regards, Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
-- Togan Muftuoglu
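
An added example, not part of the original e-mails: one way to triage the file written by "rpm --verify -a", listing non-config files whose digest no longer matches the package (a `5` in the third flag position) and files reported missing. The function names and the sample lines are constructed for illustration; it assumes the output was produced by a trusted rpm binary and that paths contain no whitespace.

```shell
#!/bin/sh
# Triage `rpm --verify -a` output (added example).
# Line format: <flags> [c|d|g|l|r] <path>   or   missing [marker] <path>
# Flag position 3 is '5' when the file digest differs from the package's.
# Assumption: paths contain no whitespace.

flag_replaced_files() {
    awk '
        $1 == "missing" { print "MISSING " $NF; next }
        # flags field is 8 chars (older rpm) or 9 (newer); digest is char 3
        length($1) >= 8 && substr($1, 3, 1) == "5" {
            marker = (NF == 3) ? $2 : ""
            if (marker == "c") next   # locally edited config files are expected
            # label files under bin, sbin, lib or lib64 directories as BINARY
            kind = ($NF ~ /\/(s?bin|lib(64)?)\//) ? "BINARY" : "OTHER"
            print kind " " $NF
        }
    '
}

# Constructed sample of verify output, for demonstration only
sample_verify_output() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
S.5....T   /bin/ls
..5....T   /usr/bin/top
.M......   /var/log/wtmp
missing    /usr/share/doc/packages/foo/README
S.5....T.  /bin/ps
.......T   /usr/sbin/sshd
EOF
}

sample_verify_output | flag_replaced_files
```

On a real report, run it as `flag_replaced_files < /tmp/some/file`; a digest mismatch on files such as ls, ps or top is the pattern the reply above describes.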