Re: root is unable to change file permissions!

On Fri, Jun 03, 2005 at 08:04:17PM +1200, Andreas Hatz wrote: > We have an interesting phenomenon occuring on one of our servers. We > have noticed that two files in the /bin directory have had their > executable permissions removed and we are unable to chmod the files as > root. Check the outpu

Re: Re: root is unable to change file permissions!

Incoming from Andreas Hatz: > > Thanks for the tip re the chkrootkit. There are a couple of warnings: > > Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit > installed > Checking `lkm'... You have 3 process hidden for ps command > Warning: Possible LKM Trojan instal

Re: Re: root is unable to change file permissions!

Hello Jurgen,   Thanks for the tip re the chkrootkit. There are a couple of warnings:   Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installedChecking `lkm'... You have 3 process hidden for ps commandWarning: Possible LKM Trojan installed   This is great in

Re: Re: root is unable to change file permissions!

Hello Robert,   when running lsattr I get mostly -- with a few exceptions:   ns:/bin# lsattr suSiadAc-- /bin/ls suSiadAc-- /bin/login suSiadAc-- /bin/netstat suSiadAc-- /bin/ps   also, ns:/bin# lsattr /sbin suSiadAc-- /sbin/ifconfig   Doesn't look too good for se

Re: root is unable to change file permissions!

Using lsattr, see is the immutable flag has been set. Normally, no flags should be set: [EMAIL PROTECTED]:~> lsattr *.txt - 34sp-userguide.txt If the immutable flag has been set, you can unset it with chattr -i filename See "man lsattr" and "man chattr". While this will (hop

Re: root is unable to change file permissions!

Try to run a chkrootkit, to see if some niaries are replaced. Also, how about the mounts, is /bin probably a mount, or is /bin/login a symlink to a ro filesystem? Jurgen > Hello Debain Users, > > We have an interesting phenomenon occuring on one of our servers. We have > noticed that two files

Re: root is unable to change file permissions!

On Fri, 2005-06-03 at 20:04 +1200, Andreas Hatz wrote: > Hello Debain Users, > > We have an interesting phenomenon occuring on one of our servers. We > have noticed that two files in the /bin directory have had their > executable permissions removed and we are unable to chmod the files as > root.

root is unable to change file permissions!

Hello Debain Users,   We have an interesting phenomenon occuring on one of our servers. We have noticed that two files in the /bin directory have had their executable permissions removed and we are unable to chmod the files as root.   current file permissions: -rw-r--r--   1 root root