[K12OSN] bin files change on reboot
Nils Breunese
nils at breun.nl
Sun Feb 17 22:39:50 UTC 2008
Ryan Collins wrote:
> You need to reformat and re-install, it's the only way to be sure.
>
> If has been hacked, it's probably doing all sorts of nasty suff on
> the Internet.
+1
I think it's already somewhat irresponsible to put a machine online
that runs an EOL'd OS, but if you *know* it's been hacked then you
really need to reinstall this one. I can recommend K12LTSP 5EL.
Nils Breunese.
> On 2/17/08, Barry Cisna <brcisna at eazylivin.net> wrote:
>> Hello List,
>>
>> This is kind of a weird scenario. On an FC5 K12ltsp server I set up
>> at
>> some peoples house over a year ago. I know this server has been
>> hacked
>> into some time back as I can see by the rkhunter logs for some
>> time. I
>> view it from time to time remotely via Webmin. What happens on this
>> server
>> is each time it gets rebooted ( which is not very often) other than
>> over
>> this weekend due to ice storm/power outage here), there are a few bin
>> files that end up being the wrong date/and the wrong file sizes. Most
>> everything still works OK other than lots of behind the scenes
>> things,
>> such as if I simply do a 'uname -a ' I get segmentation fault and
>> if i try
>> to use the zip program i get errors. I took and copyed from a good
>> FC5
>> server the bin files and placed onto this particular server,so when
>> this
>> happens I explained to them how to copy paste the good bin/files
>> into the
>> /bin folder each time they end up having to reboot this server.
>> Once the
>> correct bin files are copyed into the bin folder then there are no
>> more
>> segmentation faults and the zip program functions correctly,etc.I
>> still
>> have not figured out "were" these files come from each time this
>> server is
>> rebooted? This server runs rock solid and they really don't need to
>> update
>> to anything newer as they just use it to web browse and email thing.
>> BTW; i did delete a couple diretories that had been added with some
>> sort
>> of system scanner files to ftp out to a remote server some time back
>> ,thinking this may have been the resolve for this. No Joy:(.
>> Anyone have any ideas were to look?
>>
>> Thanks,
>>
>> Barry Cisna
More information about the K12OSN
mailing list