A good rootkit will also modify the date and time of the replaced binaries
so they will look the same as the original.

Try to replace your "ps" command with that from a trusted RH9 machine.  If
it works ok then you must do a clean install to get rid of the rootkit.


----- Original Message ----- 
From: "Paul Oster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 03, 2003 10:24 PM
Subject: Re: [Asterisk-Users] Does Asterisk overwrite any libraries?


> Looks like your box has been compromised.  Try
>
> ls -l `which ps`
>
> You'll probably find an inappropriate date.  Whenever I've diagnosed
> problems like this, I've found badly installed rootkits.
>
> To address this on my production machines, I'm going to instruct the
> router to only allow traffic that is coming from trusted locations
> to connect to the box anyplace.
>
> I really hope I'm wrong about this Costas, but you should probably start
> verifying your binaries.
>
> If your machine has been compromised, a clean install, and patch with
> all the updated RPMS is a recommended solution.
>
> Paul
> costas wrote:
>
> >I am using a brand new RH9.0 installation. I installed Asterisk
> >afterwards so I am not sure if Asterisk caused the problem below. The ps
> >doesn't work. It could also be something else. I also tried installing
> >some video package. But I thought to ask here first if someone has seen this
> >before.
> >
> >[EMAIL PROTECTED] asterisk]# ps
> >ps: error while loading shared libraries: libproc.so.2.0.6: cannot open shared object file: No such file or directory
> >
> >[EMAIL PROTECTED] asterisk]# which ps
> >/bin/ps
> >
> >Thanks
> >Costas
> >
> >--
> >Costas Menico
> >Meezon Software Corp
> >201-224-8111
> >[EMAIL PROTECTED]
> >
> >--
> >_______________________________________________
> >Asterisk-Users mailing list
> >[EMAIL PROTECTED]
> >http://lists.digium.com/mailman/listinfo/asterisk-users


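Added example, not part of the original messages: because a replaced binary can carry the original's date and time, the comparison with a trusted machine's copy is better done on file contents than on `ls -l` output. The function names and the path of the trusted copy are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare a suspect binary with a copy taken from a trusted
# machine by content hash. Size and mtime are ignored on purpose, since
# whoever replaced the file can set them to match the original.

# Print the SHA-256 of a file. Reading from stdin avoids filename escaping
# in the tool's output. Falls back to shasum where sha256sum is absent.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# compare_binary SUSPECT TRUSTED
# Prints one MATCH or MISMATCH line.
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or hashing fails.
compare_binary() {
    suspect=$1
    trusted=$2
    if [ ! -r "$suspect" ] || [ ! -r "$trusted" ]; then
        echo "ERROR: cannot read '$suspect' or '$trusted'" >&2
        return 2
    fi
    s_hash=$(file_sha256 "$suspect")
    t_hash=$(file_sha256 "$trusted")
    if [ -z "$s_hash" ] || [ -z "$t_hash" ]; then
        echo "ERROR: hashing failed" >&2
        return 2
    fi
    if [ "$s_hash" = "$t_hash" ]; then
        echo "MATCH $suspect sha256=$s_hash"
        return 0
    fi
    echo "MISMATCH $suspect suspect=$s_hash trusted=$t_hash"
    return 1
}

# Stand-alone use (paths are hypothetical):
#   sh compare.sh /bin/ps /mnt/trusted/bin/ps
if [ "$#" -eq 2 ]; then
    compare_binary "$1" "$2"
fi
```

On a machine suspected of compromise the hashing tool itself may have been replaced, so run the comparison from trusted media or on the trusted machine.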