On Sun, 23 Feb 2003 15:45:32 -0800, Benjamin R. Mohilef wrote > You wrote: > <snip> > > lsattr is not installed on my system. > <snip> > > chattr not installed on my system either. If it was, I do not know the > <snip> > > It sounds like your system has been cracked badly. The programs > chattr, lsattr, etc are installed by the e2fsprogs rpm during > install. It is highly possible that the crackers may be using your > box as a filez server. If the cracker left the original rpm program > untouched, and if theattributes were not changed on /usr/sbin, you > can reinstall the programs from the e2fsprogs rpm. > > Although you may be able to ferret out knopwn offending cracks > with the program checkroot (http://www.chkrootkit.org), total > reformat and reinstall is a better solution, using the latest > patches to prevent being re-cracked. If the cracker was smart enough > to remove lsattr and chattr, he/she probably installed some rootkits > and back doors which may go a little beyond the normal script kiddy > attack and which will allow reinfection.
Thank you for the concern. chkrootkit and tripwire show no unusual activity. The reason e2fsprogs are not installed is because the system is not using an extended filesystem. It is a virtual domain server developed by SwSoft and uses a vzfs files system. It was a bit scary, but it was nice to have chkrootkit, tripwire, and iptables around to give me an idea of the status of the system. Bottom line, someone uploaded a weirdly named file, but everything that should be working to protect the system appears to be functioning correctly. So much for a quiet weekend ... -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
