Re: Rootkit warning! (Was: Re: LS_COLORS error)
Hi Nicos.
On Fri, 2003-06-06 at 04:11, Nicos Gollan wrote:
> On Thursday 05 June 2003 18:08, Neilen wrote:
> > Hi.
> >
> > I'm running sid. Some time in the last week (did unfortunately not
> > notice exactly when), I started getting the following error from ls:
> >
> > brick@hilife:~/public_html$ ls
> > ls: unrecognized prefix: do
> > ls: unparsable value for LS_COLORS environment variable.
>
> I had this some time ago. You might want to check for t0rnkit in case someone
> hacked you machine. The "devious" thing about the kit's files is that they're
> marked "undeletable" with chattr (see man chattr and man lsattr), so even
> root can't delete them directly.
Sure enough, this seems to be the case. I also had a problem where
procps would not install due to "permission denied". Chattr showed why
;)
Guess its reinstall time. You think it would be safe to keep my /home/*
for the new install?
Thanks
Neilen
>
> I'll append a kind of "in-group whitepaper" I found.
--
Neilen <brick@adept.co.za>
Reply to: