[SunHELP] strange ls behaviour
Bret Adams
bret at fabrikant.com
Thu Jul 10 08:59:55 CDT 2003
Take a look at rootkit.org or sunfreeware.com They have software to sniff
out rootkits. Sunfreeware comes precompiled so all you have to do is a
pkgadd.
Bret
At 09:45 AM 7/10/2003 -0400, you wrote:
>On Thu, 10 Jul 2003 12:52:44 +0200
>"Simon Jespersen" <shj at pine.dk> wrote:
>
> > Hi on my blade 100 sol8 box i have a very strange behaviour.
> >
><snip>
> >
> > Can some one tell me whats going on
> >
>
>It is common practive to replace several binaries when a box is compromised
>and rooted. ls, login, top, ps, who, and couple others are the most
>commonly replaced. I suggest you take a *good* look at your box, the
>system, and see if there's a root kit on it. You're likely going to need to
>rebuild this system.
>
>--
>Kurt "I am not aware that any community has a right to
>kurt at k-huhn.com force another to be civilized."
> --John Stuart Mill
>_______________________________________________
>SunHELP maillist - SunHELP at sunhelp.org
>http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list