Hi
On 07/21/2010 06:45 PM, Chris Davies wrote:
> For breakage of something as significant as /etc/shells, I'd prioritise
> investigations in that order. Memtest86+ is a no-brainer, so let it
> test your machine. Are you using a kernel that's got known issues with
> whatever filesystem you are using for /etc? (Have you looked?)
I will do checks today just need to buy cdrom first. I will report
memtest86+, fsck and chkrootkit results this evening. Kernel is current
squeeze kernel. Filesystem is ext3. AFAIK ext3 is quite stabe now.
Today i found addidtionaly hidden files in /etc
.passwd.swn and similar .p.*
file tells that they are vim swap files, but inside they also contain
keyboard logs (among other data).
> What was the outcome of your investigation into the previous situation?
The prevoius situation happens on the providers virtual hosting, so I
can not do a lot. Perfromed nmap from outside, chkrootkit from inside
with no results.
--
Sergey
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52vnh7-83o....@legba.gamic.com
