Dear all, I've just inherited a debian system. I'm affraid I'm not very experienced with Debian, coming more from a Solaris background so please be patient if the questions are numpty.I have a problem at the moment, strangely various binaries in the /bin directory are changing size and
Hello Giles.
I have a problem at the moment, strangely various binaries in the /bin
directory are changing size and becoming corrupt.
Just a guess; what is the output of the following command?
dpkg -l prelink
Regards, Mathias
signature.asc
Description: OpenPGP digital signature
On Mon, Jul 31, 2006 at 09:41:51PM +0100, Giles McGarry wrote:
Dear all, I've just inherited a debian system. I'm affraid I'm not very
experienced with Debian, coming more from a Solaris background so please be
patient if the questions are numpty.
I have a problem at the moment,
On Mon, Jul 31, 2006 at 09:41:51PM +0100, Giles McGarry wrote:
I have a problem at the moment, strangely various binaries in the /bin
directory are changing size and becoming corrupt. When I restore the
original they work ok, and then at some time later they change size and
stop
Andrew, thanks for the reply, there's only one filesystem and it's root so I won't be able to mount it read only. I haven't tried changing permissions, but I will, and update the output so I can try and figure out what's happening.As the processes, yes they all respond to kill -9 so thats
Hello Giles.
Please reply to the list directly, thanks.
There's no package called prelink on the system. Should there be?
Not necessarily. It could have been a possible cause for the different
filesizes.
So you should follow the recommendations of Andrew and Steve and prepare for a
worst
Steve, I think you've hit the nail on the head, running clamscan (didn't know it even existed until a few minutes ago) show the following:/bin/bash: Linux.RST.B FOUND /bin/mv: Linux.RST.B FOUND /bin/grep: Linux.RST.B FOUND /bin/mt-gnu: Linux.RST.B FOUND /bin/tcsh: Linux.RST.B FOUNDon
Giles McGarry wrote:
Steve, I think you've hit the nail on the head, running clamscan (didn't know
it even existed until a few minutes ago) show the following:
/bin/bash: Linux.RST.B FOUND
/bin/mv: Linux.RST.B FOUND
/bin/grep: Linux.RST.B FOUND
/bin/mt-gnu: Linux.RST.B FOUND
/bin/tcsh:
On (31/07/06 19:02), Joey Hess wrote:
http://www.viruslist.com/en/weblog?calendar=2005-09
http://www.lurhq.com/atd.html
One of those might possibly explain how that virus got on there.
I'd recommend a rebuild; you have a system here whose previous admin
has either been running untrusted
9 matches
Mail list logo