On 30 Apr 1998, James Youngman wrote:
> wtw> tcpd was replaced with a trojan one.
> Ouch.
That's an easy problem to fix. The RPM database is what I'm concerned
about, since it contains the MD5 information in the first place. Does
anyone know a way to compare the MD5 of an installed package against the
source RPM file (which being on a CD and all is probably okay ;) ) as
opposed to the data stored in the RPM database? (Of course, I can always
reinstall, but i'd rather not...)
> Here's an example of how you might do it, I've chosen a random PID on
> my system, 429.:-
This information is fantastic! Is it all in the mini-HOWTO? I didn't
even know that HOWTO existed.
> You set the link count to , the dtime should still be zero (if
to.... what? :) I assume that one is probably the number of choice.
> Still, it's best to remount the FS concerned read-only before running
> debugfs on it, and fsck it afterwards.
But if I do that... won't I have to kill the offending process and
therefore lose my toehold on the file?
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
