[WBEL-users] Permissions (Was Problems after updates)

Jeremy Bowers jaire at preciant.com
Mon Jun 13 13:35:13 CDT 2005


> 
> These first two questions are the most important ones, but it would be 
> interesting to know what I have done wrong to be hacked. I will keep the 
> hard drive for further analysis and install a new hard drive for the new 
> installation.

This is a great idea.  Make sure you keep the old hard drive intact.

> 
> The first thing that I will try is chkrootkit.
> What is the DAG's RHEL repo?
> Can I use the tar.gz available on www.chkrootkit.org ?

You can probably use the one on chkrootkit.org, but I like to strictly
use packages.  You can find DAG's repo at
http://dag.wieers.com/packages/

> 
> Are there other things that I can try? (trying to reinstall ps to find 
> what are the real running processes for example) ....

Yeah, run:  chattr -i /bin/ps to remove the immutability, then reinstall
your procps package:  rpm -Uvh procps-xxx.rpm   Then run ps again to see
what hax0rs were hiding.

Being hacked sucks, but in one sense, it's kind of exciting to go
through their tracks and find out what exactly they have done.

--Jeremy
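
Added example (not part of the original message): a small triage helper for the check discussed above. It reads saved output of `lsattr` and `rpm -V` and lists files that carry the immutable bit, fail the package digest check, or both. The sample output lines and the function names are constructed for illustration, and the script assumes the output was captured with tools you trust.

```shell
#!/bin/sh
# Reads lsattr output on stdin; prints paths whose flag field has the immutable bit (i).
immutable_files() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /i/ { sub(/^[^ ]+ +/, ""); print }'
}

# Reads rpm -V output on stdin; prints paths whose digest differs ("5" in column 3).
digest_changed() {
    awk '$1 ~ /^..5/ { i = index($0, "/"); if (i) print substr($0, i) }'
}

# $1 = saved lsattr output, $2 = saved rpm -V output.
# Prints "I path" (immutable), "M path" (modified) or "IM path" (both).
triage() {
    { immutable_files < "$1" | sed 's/^/I /'
      digest_changed  < "$2" | sed 's/^/M /'; } |
    awk '{ tag = $1; sub(/^[^ ]+ /, ""); seen[$0] = seen[$0] tag }
         END { for (p in seen) print seen[p], p }' | LC_ALL=C sort
}

# Constructed sample data, not taken from the system in this thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/lsattr.txt" <<'EOF'
----i-------- /bin/ps
------------- /bin/ls
----i-------- /bin/netstat
EOF
    cat > "$d/rpmv.txt" <<'EOF'
S.5....T   /bin/ps
.......T c /etc/inittab
S.5....T   /usr/bin/top
missing    /usr/share/doc/example
EOF
    triage "$d/lsattr.txt" "$d/rpmv.txt"
    rm -rf "$d"
}

demo
```

Entries tagged `IM` are the ones to look at first: a packaged binary that no longer matches its digest and has been made immutable so that a reinstall fails.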