[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] hacked raq
- Subject: RE: [cobalt-users] hacked raq
- From: "John-Andrew M. Minniti" <drew.minniti@xxxxxxxxxxx>
- Date: Sat Feb 24 16:11:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
It could be that the file is immutable. to find out, just use the command
lsattr. if the result shows an ----i-- then the file can not be moved or
deleted, even by root. Is this really a hacker attempt? I mean Its not bad
to have immutable files. As a matter of fact /usr/sbin, /usr/bin and
/usr/lib should be immutable. Its an extra layer of protection, though not
necessarilly a very powerful one. You can make the file, er... mutable by
using chattr -i filename.
Drew
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
Sent: Wednesday, February 21, 2001 6:43 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Cc: randy@xxxxxxxxxxxxx
Subject: Re: [cobalt-users] hacked raq
"Randy Davis" <randy@xxxxxxxxxxxxx> wrote
> Yepper. Did try force as well. Here is the actual error message I get
> back:
>
> # rpm -Uvh --force util-linux-2.10m-C1.i386.rpm
> util-linux
> can't rename /bin/login to /bin/login-RPMDELETE: Operation not permitted
> unpacking of archive failed on file /bin/login: cpio: unlink failed - Bad
> file descriptor
>
> Ciao
> Randy
Ok, look in /bin/login (ls /bin/login) and see if the file is there.
If it is not there
try "ls /bin/xlogin"
if it is there
You have been cracked.
(note: hacking is not bad (hackers built Linux) crackers are the spoilers
(bandits)!
Gerald
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users