[SunHELP] strange ls behaviour
Matt Bettinger
mattb at houston.rr.com
Mon Jul 14 19:39:10 CDT 2003
On Mon, 14 Jul 2003 20:09:41 -0400
Phil Stracchino <alaric at caerllewys.net> wrote:
> On Thu, Jul 10, 2003 at 01:13:38PM +0200, Simon Jespersen wrote:
> > Ok, I can see my ls command, the size of the file is the same as it
> > is on another sunbox I have, but the date is different. The find
> > file is strange,
> >
> > when I do ls -l find in /usr/bin it just says
> >
> > ls -l find
> > total 52326
> > #
> >
> > but the file is there i can do file find and it returns
> >
> > # file find
> > find: ELF 32-bit MSB executable SPARC Version 1,
> > dynamically linked, stripped
>
> Odds are pretty good you've been rooted and the rootkit is broken.
> Time to disinfect, clean up and/or reinstall. If in doubt, reinstall.
> (You DO have your essential data and configuration files backed up, of
> course....?)
>
You mean, you have your tripwire/aide/mtree blah db on tape to compare
the files that have changed and also compared them with your backups.
We don't want to reinstall the rootkit again, do we?
-mb
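
The baseline comparison this message refers to, sketched as an added example (not part of the original thread, and not how tripwire, aide or mtree are implemented). It assumes the baseline was recorded before the compromise and kept offline; `snapshot`, `compare` and `demo` are hypothetical names and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map relative path -> (size, sha256 hex) for each regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            out[rel] = (os.path.getsize(path), digest.hexdigest())
    return out

def compare(baseline, current):
    """Return sorted (path, finding) pairs where current differs from baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "missing"))
        elif old[1] != new[1]:
            # Same size, different digest: the case a size/date check by eye misses.
            kind = "replaced-same-size" if old[0] == new[0] else "modified"
            findings.append((path, kind))
    return findings

def demo():
    """Constructed sample: 'find' is swapped for different content of equal size."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("ls", b"ls-original"), ("find", b"find-original")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # assumption: taken while the system was clean
        with open(os.path.join(root, "find"), "wb") as fh:
            fh.write(b"find-trojaned")  # 13 bytes, same length as the original
        with open(os.path.join(root, "netstat"), "wb") as fh:
            fh.write(b"new")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(finding, path)
```

On a host that may already be rooted, the current snapshot should be taken from trusted boot media, since local binaries and libraries can lie about file contents.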