[CentOS] CleanLog.h
Amos Shapira
amos.shapira at gmail.com
Thu Nov 29 22:55:11 UTC 2007
On 30/11/2007, B.J. McClure <keepertoad at verizon.net> wrote:
>
> Sad to say one of my file servers was exploited and used to run a
> Phishing scam. Have identified subject virus amongst other things. It
> appears twice in a virus scan; /sbin/z (which I assume can just be deleted)
> and /sys/bus/serio/drivers/atkbd/description. The latter file is also
> present in identical uninfected machines. I have been unable to open the
> file, even with root privileges, although it appears to be a text file. Any
> suggestions on how to proceed appreciated. Guess I could delete it and copy
> over the file from an identical machine.
>

Is SE Linux enabled on your system?
If this is an ext2/ext3 filesystem - look at "lsattr" and friends.
fuser(1) on that file and/or monitoring it using something based on
inotify(7) might reveal which process has it open or uses it.

Hope this gives you some useful direction.

--Amos
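The checks suggested in the reply above (SELinux state, ext2/ext3 attributes via lsattr, open handles via fuser), collected into one read-only triage script. This is an added example, not part of the original message; the function names `decode_attr_flags` and `triage_file` are hypothetical, and each tool is skipped if it is not installed.

```shell
#!/bin/sh
# Added example: read-only triage of a file that root cannot open or change.
# decode_attr_flags and triage_file are hypothetical helper names.

# Decode the flag column printed by lsattr(1), e.g. "----i---------e----".
decode_attr_flags() {
    out=""
    case "$1" in *i*) out="${out}immutable " ;; esac
    case "$1" in *a*) out="${out}append-only " ;; esac
    [ -n "$out" ] || out="none-of-interest "
    printf '%s\n' "${out% }"
}

triage_file() {
    f=$1
    [ -e "$f" ] || { echo "missing=$f"; return 1; }
    echo "path=$f"
    # SELinux mode and the file's security context, if the tools exist.
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux=$(getenforce 2>/dev/null)"
        echo "context=$(ls -dZ -- "$f" 2>/dev/null)"
    else
        echo "selinux=tools-not-installed"
    fi
    # ext2/ext3 attributes; pseudo-filesystems such as sysfs have none.
    if command -v lsattr >/dev/null 2>&1; then
        flags=$(lsattr -d -- "$f" 2>/dev/null | awk '{print $1}' || true)
        if [ -n "$flags" ]; then
            echo "attrs=$flags ($(decode_attr_flags "$flags"))"
        else
            echo "attrs=unsupported-on-this-filesystem"
        fi
    else
        echo "attrs=lsattr-not-installed"
    fi
    # PIDs of processes that currently hold the file open.
    if command -v fuser >/dev/null 2>&1; then
        pids=$(fuser "$f" 2>/dev/null || true)
        pids=$(echo $pids)   # collapse fuser's padding whitespace
        echo "open_by=${pids:-none}"
    else
        echo "open_by=fuser-not-installed"
    fi
    # For ongoing monitoring, inotifywait -m "$f" (inotify-tools) logs each access.
    return 0
}
```

Run `triage_file` as root against the suspect path and against the same path on a known-clean machine, then compare the two outputs line by line.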