Ah, well, sorry then.

One thing that you might find makes your job easier.  Check out
http://www.knoppix.org .  They have a bootable CD version of Linux that you
can boot from.  If you do that, then you'll know that your ls, lsattr, etc.
commands are good.  You should then be able to copy your executables from a
RH CD onto your box with confidence.

One thing to look out for.  I don't know the details (maybe somebody else on
the list can help out here) but there are also kernel loadable modules that
hackers have written as a new form of root kit.  I don't know much, just
what I've read on the samhain site (http://la-samhna.de/samhain/), but you
might want to check out your modules.conf when you boot from the CD, and
replace anything there, as well as your kernel.

Ben
----- Original Message -----
From: "Reuben D. Budiardja" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 21, 2003 6:23 PM
Subject: Re: Root can't delete some files in /bin


> One reply to different mails.
>
> First let me say, I totally know that the "best" thing to do for a hacked box
> is to re-install the whole thing. I've been using Linux long enough, been in
> this list long enough (> 3 yrs). But the fact is I am:
> 1. Just a grad student who *happens* to be there (or here) when the box got
> hacked.
> 2. happens to be the only guy in the group that knows anything about RH Linux
> 3. don't even get paid to recover the darn box... not even part of my job /
> responsibility
> 4. yeah... the other guy who does part-time admin-ing of the box happens to be
> not here...
>
> So,
>
> On Saturday 21 June 2003 05:44 pm, MKlinke wrote:
> > It is highly unlikely that anyone here, in this, or any other, e-mail
> > group,  is going to be able to guide you through all the steps
> > necessary via e-mail to insure that you have a box that isn't now
> > riddled with problems.
> Again, I know that. I didn't ask for that.
>
> > If you're not real experienced with Linux and
> > you have a box that's been  hacked, do as the man said, pull your data
> > and re-install from the ground up.  Otherwise, you're leaving a hacked
> > box on the network to possibly do its dirty work against the rest of
> > us!
>
> If it were my box, and I have a total say of what to do, I would have done
> that in no time.
>
> > If you're experienced enough with Linux, quit whining and rebuild the
> > box!
>
> I didn't remember whining. What did I whine about? I asked questions.
>
> On Saturday 21 June 2003 05:12 pm, Ashley M. Kirchner wrote:
> > Tell him to go away and you'll do your job and he'll be much happier.
> supposedly that's not even my job. I'm just trying to help. My job is other
> stuff, namely, research.
>
> On Saturday 21 June 2003 06:20 pm, Benjamin J. Weiss wrote:
> > In the amount of time you've already spent doing this, you could have:
>
> the amount of time I spent is about 3-4 hours. I *tried* to clean up
> everything, and close everything down. Only httpd is running.
>
> Ironically, the day before the box got hacked, I by accident warned him that
> the box was not very secure, and had not been kept up to date. Now I really
> strongly recommend him to buy RHEL Edge Server for the box and redo
> everything ASAP and seems that he's listening to me. That'll do 2 things
> hopefully:
> 1. For me to get more job and hopefully get paid more so I can eat better food
> :)
> 2. Support Redhat
> 2. Support Redhat
>
> So please, please, please, don't preach on me. Everything that has been said
> here is correct, and I really believe it. But as I said.... in my case, it's
> not that simple.
>
> Thanks anyway.
>
> RDB
> --
> Reuben D. Budiardja
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
>

