Changing binaries

2006-07-31 Thread Giles McGarry
Dear all, I've just inherited a debian system. I'm affraid I'm not very experienced with Debian, coming more from a Solaris background so please be patient if the questions are numpty.I have a problem at the moment, strangely various binaries in the /bin directory are changing size and

Re: Changing binaries

2006-07-31 Thread Mathias Brodala
Hello Giles. I have a problem at the moment, strangely various binaries in the /bin directory are changing size and becoming corrupt. Just a guess; what is the output of the following command? dpkg -l prelink Regards, Mathias signature.asc Description: OpenPGP digital signature

Re: Changing binaries

2006-07-31 Thread Andrew Sackville-West
On Mon, Jul 31, 2006 at 09:41:51PM +0100, Giles McGarry wrote: Dear all, I've just inherited a debian system. I'm affraid I'm not very experienced with Debian, coming more from a Solaris background so please be patient if the questions are numpty. I have a problem at the moment,

Re: Changing binaries

2006-07-31 Thread Steve Kemp
On Mon, Jul 31, 2006 at 09:41:51PM +0100, Giles McGarry wrote: I have a problem at the moment, strangely various binaries in the /bin directory are changing size and becoming corrupt. When I restore the original they work ok, and then at some time later they change size and stop

Re: Changing binaries

2006-07-31 Thread Giles McGarry
Andrew, thanks for the reply, there's only one filesystem and it's root so I won't be able to mount it read only. I haven't tried changing permissions, but I will, and update the output so I can try and figure out what's happening.As the processes, yes they all respond to kill -9 so thats

Re: Changing binaries

2006-07-31 Thread Mathias Brodala
Hello Giles. Please reply to the list directly, thanks. There's no package called prelink on the system. Should there be? Not necessarily. It could have been a possible cause for the different filesizes. So you should follow the recommendations of Andrew and Steve and prepare for a worst

Re: Changing binaries

2006-07-31 Thread Giles McGarry
Steve, I think you've hit the nail on the head, running clamscan (didn't know it even existed until a few minutes ago) show the following:/bin/bash: Linux.RST.B FOUND /bin/mv: Linux.RST.B FOUND /bin/grep: Linux.RST.B FOUND /bin/mt-gnu: Linux.RST.B FOUND /bin/tcsh: Linux.RST.B FOUNDon

Re: Changing binaries

2006-07-31 Thread Joey Hess
Giles McGarry wrote: Steve, I think you've hit the nail on the head, running clamscan (didn't know it even existed until a few minutes ago) show the following: /bin/bash: Linux.RST.B FOUND /bin/mv: Linux.RST.B FOUND /bin/grep: Linux.RST.B FOUND /bin/mt-gnu: Linux.RST.B FOUND /bin/tcsh:

Re: Changing binaries

2006-07-31 Thread James Westby
On (31/07/06 19:02), Joey Hess wrote: http://www.viruslist.com/en/weblog?calendar=2005-09 http://www.lurhq.com/atd.html One of those might possibly explain how that virus got on there. I'd recommend a rebuild; you have a system here whose previous admin has either been running untrusted