>On Wed, 1 Mar 2000, M. Erickson wrote:
>
>> No need to reformat, toss that windows paradigm aside, learn a new way of
>> dealing with things like this! Just update BIND, XFS, and check through
>> all your .history/.bash_history files and find out what else has been
>> done..
>
>Finding out what else has been done is not exactly a trivial task. If
>whoever did this isn't totally braindead, he edited .history and logfiles
>to hide traces. (But then it seems to be someone stupid because he didn't
>remove the ADMROCKS file).

See posting I just did about this.

>rpm --verify can help you find modified files, and a find / -perm 4755
>will find added setuid bits, but that's still not everything someone could
>have done.

Find was changed as well. But, the modified find wasn't totally fixed, as
it would find the directories that contained a space character as the name.
There were a couple of them. There is one in /dev. I forget where the
other one is, without looking.

>Unless you absolutely know how to deal with this, backing up your data and
>reinstalling is probably the best thing to do.

This is very true.

MB
--
e-mail: [EMAIL PROTECTED]
Bart: Hey, why is it destroying other toys? Lisa: They must have
programmed it to eliminate the competition. Bart: You mean like
Microsoft? Lisa: Exactly. [The Simpsons - 12/18/99]
Visit - URL:http://www.vidiot.com/ (Your link to Star Trek and UPN)
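
An added example, not part of either poster's message: since the reply reports that `find` itself had been replaced, this Python walker checks the tree without calling any external binary, flagging directories whose names are only whitespace or dots and regular files carrying any setuid/setgid bit (broader than an exact 4755 match). The function names are hypothetical, and it assumes the interpreter is run from trusted media.

```python
import os
import stat
import sys

def suspicious_name(name):
    # Hypothetical helper: True for names made only of whitespace and dots,
    # such as the " " directory described in the thread, or ".. ".
    return name.strip(" \t\r\n.") == ""

def audit_tree(root):
    """Return sorted (kind, path) findings under root, using lstat only."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISDIR(st.st_mode) and suspicious_name(name):
                findings.append(("hidden-dir", path))
            elif stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                # Report the full mode so 4711, 6755 etc. are all visible.
                findings.append(("setid-%04o" % stat.S_IMODE(st.st_mode), path))
    return sorted(findings)

if __name__ == "__main__":
    # repr() makes whitespace-only names visible in the report.
    for kind, path in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print("%-12s %r" % (kind, path))
```

Compare the setuid list against a known-good install of the same distribution; the script only enumerates candidates, it does not decide which are legitimate.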