[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] file attributes

I missed the part about these were dirs and not files.
The dir names may have nonprinting characters so your work to change things is failing on wrong name.
At this point you need to replace the drive or it's contents. Unless you can work at the inode level to wipe very specific bits, the level of effort exceeds realistic time frames. As long as those dirs exist, you're running a compromised system.

On Mar 21, 2012 8:28 AM, "Barry Cisna" <cisna-barry wc235 k12 il us> wrote:
Hello All,

I did try the dd if,,,   of  as suggested in a post to change file
size,,etc. After doing this routine i still get 'permission denied,,when
trying to delete each file after the convert.
SELinux is still disabled as before.
Nothing is ever shown in any logs ,either system or secure,,,when trying
to rm a file.

It seems the key in this is, when I try and create a blank text file and
save to either of the libsh(rootkit) dirs I get 'bad file descriptor',
very odd?

Not that it makes any diff,,but of course in searching the logs I did
find the ip address that dropped in this rootkit was from China,

Thanks again,

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]