Linux Advocate wrote:
DID THIS GUY ACTUALLY SAVE A FILE ON MY HARD DISK??? AAAAAAHHHHHHHHHHHHHHHHHHHH???????????????
Was this why rkhunter popped out with this warning?
- Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
/etc/.pwd.lock /usr/share/man/man1/..1.gz /dev/.udev
Please inspect:
/usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)
/dev/.udev (directory)
Should I delete these files? Are the man files normally .gz or .bz2?
There is also a similar entry, where another file called unix2.tgz was downloaded....
But I can't find these files on the HDisk? Guys, I am out of my league here. All assistance is deeply appreciated.
I *hope* this machine is disconnected from the internet and running a liveCD to investigate this
Yes, it appears you've been hacked, and have stealth files (any file with . in front of the name is hidden and would only show with ls -a), and if you *are* rootkitted, there's a strong possibility your ls and other command tools have been replaced.
And it appears it came in via an exploit in that Horde framework (I know nothing about Horde).
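Added example, not part of either post: a way to list dot-entries and identify them by content rather than by name, run from a trusted environment (the live CD) against the mounted disk so the installed ls is never used. The function names, the default directory list and the sample tree are assumptions for illustration; the sample reuses the three names from the rkhunter output, but the file contents are invented.

```python
import gzip, io, os, stat, tarfile, tempfile, zlib

def classify(path):
    """Describe an entry by inode type and leading bytes, never by its name."""
    st = os.lstat(path)  # lstat: do not follow symlinks
    if stat.S_ISDIR(st.st_mode):
        return "directory"
    if not stat.S_ISREG(st.st_mode):
        return "special"
    with open(path, "rb") as fh:
        head = fh.read(3)
    if head.startswith(b"\x1f\x8b"):  # gzip magic
        try:
            with gzip.open(path, "rb") as gz:
                block = gz.read(512)  # a tar archive starts with a 512-byte header
        except (OSError, EOFError, zlib.error):
            return "gzip (corrupt)"
        # POSIX and GNU tar headers carry the string "ustar" at offset 257
        return "gzip (tar archive)" if block[257:262] == b"ustar" else "gzip (other data)"
    if head.startswith(b"BZh"):  # bzip2 magic
        return "bzip2"
    return "empty" if st.st_size == 0 else "other"

def find_hidden(root, subdirs=("etc", "dev", "usr/share/man")):
    """Map each dot-entry under root/subdirs (path relative to root) to its type."""
    found = {}
    for sub in subdirs:
        for dirpath, dirnames, filenames in os.walk(os.path.join(root, sub)):
            for name in dirnames + filenames:
                if name.startswith("."):
                    full = os.path.join(dirpath, name)
                    found[os.path.relpath(full, root)] = classify(full)
    return found

def build_sample(root):
    """Constructed tree; file contents are invented, only the names come from the post."""
    for d in ("etc", "dev/.udev", "usr/share/man/man1"):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "etc/.pwd.lock"), "wb").close()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        tar.addfile(tarfile.TarInfo("placeholder.txt"))
    for name, data in (("ls.1.gz", b".TH LS 1\n"), ("..1.gz", buf.getvalue())):
        with gzip.open(os.path.join(root, "usr/share/man/man1", name), "wb") as gz:
            gz.write(data)
    return root

if __name__ == "__main__":
    for path, kind in sorted(find_hidden(build_sample(tempfile.mkdtemp())).items()):
        print(f"{kind:20} {path}")
```

On a real investigation, pass the mount point of the suspect disk to find_hidden instead of the sample tree; a genuine man page reports as "gzip (other data)", so a "gzip (tar archive)" under a man directory is the entry to preserve and examine.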