[CentOS] I appear to be attacking others
Troy Engel
tengel at fluid.com
Mon Feb 6 17:09:00 UTC 2006
Steve Bergman wrote:
>
> # rpm -e --nodeps procps
> # find / -name ps -ls
> # find / -name top -ls
> # yum install procps

Another neat trick is to let RPM help you find altered executables that
it knows about, in case the rootkit replaced some other things (again,
better to reinstall from scratch):

rpm -Va

The first three characters are the most important to look at, they'll
tell you if the size/md5sum is off. Here's a quick cheatsheet paste from
the man page:

S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs

You'll see a lot of stuff, don't panic -- it's very common to get
changes listed in /etc/ and /usr/share/, among others. Pay keen
attention to anything in bin (/bin, /sbin, /usr/bin, /usr/sbin, etc) as
they are the most likely targets.

-te

--
Troy Engel | Systems Engineer
Fluid, Inc | http://www.fluid.com
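The triage described in the message above, as an added example that is not part of the original post: a filter that reduces `rpm -Va` output to files under /bin, /sbin, /usr/bin and /usr/sbin whose size (S) or MD5 sum (5) differs, or which are missing. The function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `rpm -Va` output, so the filter can be tried offline.
sample_rpm_va() {
    cat <<'EOF'
S.5....T    /bin/ps
S.5....T    /usr/bin/top
S.5....T  c /etc/ssh/sshd_config
.......T    /usr/sbin/sshd
..5....T  c /etc/yum.conf
missing     /sbin/ifconfig
.M......    /usr/share/doc/foo/README
EOF
}

# Reads `rpm -Va` lines on stdin and prints only the entries worth a close look.
# Assumes paths without spaces: the path is taken as the last field, after the
# optional one-letter file-type marker (c, d, g, l, r).
flag_altered_bins() {
    awk '
    {
        flags = $1
        path  = $NF
        # Keep only the binary directories named in the post.
        if (path !~ /^(\/usr)?\/s?bin\//) next
        # A packaged binary that has disappeared is reported as "missing".
        if (flags == "missing") { print "MISSING " path; next }
        # 1st character S = size differs, 3rd character 5 = MD5 sum differs.
        if (substr(flags, 1, 1) == "S" || substr(flags, 3, 1) == "5")
            print "ALTERED " flags " " path
    }'
}

# On a live system:  rpm -Va | flag_altered_bins
```

The result is only as trustworthy as the rpm binary and package database on the host, which is why the message still recommends reinstalling from scratch.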