Re: Rooted? Could anything innocently alter the "i" flag?
On 23 Mar 2004, Kevin Mark wrote:
> On Tue, Mar 23, 2004 at 08:52:35AM +0000, Anthony Campbell wrote:
> > On 23 Mar 2004, Mark McRitchie wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Anthony Campbell [mailto:ac@acampbell.org.uk]
> > > > Sent: 22 March 2004 20:07
> > > >
> <snip>
> > because a routine upgrade of procps failed because it could not make a
> > link to /bin/ps. I eventually found that it was due to the "i" flag on
> > that file. I removed the flag and it then worked. However, last night I
> > found that the flag had returned. I removed it again.
> >
> > Today, I found that upgrading procps failed again, this time because it
> > was unable to create /bin/kill. But /bin/kill does not have the "i" flag
> > set. So it definitely seems that something strange is happening.
> >
> > AC
> Hi Anthony,
> Are any script run in cron jobs?
> Are there any pacakges installed that are related to
> security/administration? Check 'dpkg -l'. Maybe you would like a file
> alteration program like fam installed?
> Just a thought.
> -Kev
Quite a few things are run as cron. mainly creating backups nightly and
trimming log files.
I just looked at fam; it seems to want to install portmap, which I've
removed for security reasons (ha ha!).
AC
--
ac@acampbell.org.uk || http://www.acampbell.org.uk
using Linux GNU/Debian || for book reviews, electronic
Windows-free zone || books and skeptical articles
Reply to: