On Friday 06 June 2003 05:44, Neilen wrote: > Sure enough, this seems to be the case. I also had a problem where > procps would not install due to "permission denied". Chattr showed why > ;) > > Guess its reinstall time. You think it would be safe to keep my /home/* > for the new install?
Well, that depends on how much you'd trust the system when you just removed the kit. I _think_ I got rid of it by deleting the files mentioned in the small "analysis", and the machine at least seems to behave normal since then. Just make sure you aren't running any trojaned ssh daemon, login or anything that's allow remote login. You can see that by running clean versions of ps, netstat et al. off a clean floppy. You'll also need clean versions of find and ls, then it's easy. On my system, all the files had UID/GID 500, so they were easy to spot. Keeping the home directories should be safe as long as you don't keep any code in there that might have been trojaned, which is improbable since you've been likely been hacked by a script kiddie that wanted your machine as a zombie for a DDoS or something. -- Got Backup? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
