> On 02/07/11 10:06 AM, Nicolas Ross wrote: >> I found some suspicious file in /bin and /usr/bin directories that are >> owned >> by user id 122, where this machine doesn't a userid 122. >> > > oh. get and run rkhunter. preferably do it on read only media via > another system.
Ok, good tool, and good call... I've took the chance to run it from that machine. So, it found some suspicious files and some parts of some rootkits, SHV5 namely. So, that machine was scheduled to be replaced soon, so It'll be sooner than later... In the mean time, I'll check what I can salvage from the 3.9 repos. Thanks, _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
