[K12OSN] file attributes

Jim Kinney jim.kinney at gmail.com
Wed Mar 21 14:10:05 UTC 2012

I missed the part about these were dirs and not files.
The dir names may have nonprinting characters so your work to change things
is failing on wrong name.
At this point you need to replace the drive or it's contents. Unless you
can work at the inode level to wipe very specific bits, the level of effort
exceeds realistic time frames. As long as those dirs exist, you're running
a compromised system.
On Mar 21, 2012 8:28 AM, "Barry Cisna" <cisna-barry at wc235.k12.il.us> wrote:

> Hello All,
> I did try the dd if,,,   of  as suggested in a post to change file
> size,,etc. After doing this routine i still get 'permission denied,,when
> trying to delete each file after the convert.
> SELinux is still disabled as before.
> Nothing is ever shown in any logs ,either system or secure,,,when trying
> to rm a file.
> It seems the key in this is, when I try and create a blank text file and
> save to either of the libsh(rootkit) dirs I get 'bad file descriptor',
> thrown.
> very odd?
> Not that it makes any diff,,but of course in searching the logs I did
> find the ip address that dropped in this rootkit was from China,
> surprise,,surprise,,,.
> Thanks again,
> Barry
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20120321/61ffc2e6/attachment.htm>

More information about the K12OSN mailing list