On Sun, 23 Feb 2003 19:11:03 -0330, Michael Pelley wrote > Hmmmm... > > The lsattr and chattr progs are part of the e2fsprogs RPM. Did you > purposely not install e2fsprogs? If you did and it is missing now, then > maybe more is hacked than you think. Do a > rpm -qa | grep e3fsprogs > and see if that RPM disto is installed. If it has been, then > someone may have renamed/removed them. Mine are in /usr/bin.
The system is on a virtual domain server developed by Swsoft. The file system is not ext2: [EMAIL PROTECTED] incoming]# df -h Filesystem Size Used Avail Use% Mounted on vzfs 2.0G 323M 1.6G 17% / That may explain why e2fsprogs are not installed on my system. My fstab is pretty simple: none /dev/pts devpts rw 0 0 > As someone else noted, if you've been hacked, the most secure (and probably > the easiest) is to backup all data and flatten the box and patch it before > it has Internet access. I had to recover a hacked box once without being > able to flatten and reinstall but I always let everyone on the sysadmin > level know that this box couldn't be trusted.... I have run tripwire and chkrootkit and both appear to be normal. If I have been zapped, then it is not obvious. I have not found anything about a wierd file name causing this problem, but ... A little research and I have figured out that uploaded files will be masked as 644 with ftp.ftp ownership. However, any attempt by an anonymous user to ls or get results in an error (as it should). Consquently, I do not think I have been zapped, but am having a problem with someone uploading a weird and long file name. If I have been hacked, then I may get out of the business of using virtual domain servers and just stick with my own boxes ... Thanks for the help. Mike. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
