This topic has been archived. It cannot be replied.
-
枫下家园 / 电脑用户 / 电脑被攻击.REDHAT 7.0. 被攻击2小时后发现.迅速切断网线.被更改的文件已全部找到.但是有一个被更改的文件我无论如何都改不回来了.不能做任何的写操作.(VI,CHMOD,RM,MV).单用户也不行. 什么LOCK这么厉害?
-lyh(千秋万代一统江湖);
2001-11-13
(#260191@0)
-
UP!!鬼子的攻击已经查明,不断往zar_hack@yahoo.com发送系统信息。如何进来的还不知道。/etc/rc.d/init.d/syslog 文件被锁,还是解不开。
-lyh(千秋万代一统江湖);
2001-11-13
(#260205@0)
-
chmod u+r /etc/rc.d/init.d/syslog
-redplanet(March the 1st);
2001-11-13
(#260208@0)
-
permission denied
-lyh(千秋万代一统江湖);
2001-11-13
(#260354@0)
-
"su" first and type in root password
-redplanet(March the 1st);
2001-11-13
(#260390@0)
-
yes, I am a super user. Even super user can not move, remove , apend, chmod. That is the problem. Even if I move the hard disk to another machine, I can not modified the file too. It should be sort of LOCK. then ?
-lyh(千秋万代一统江湖);
2001-11-13
(#260407@0)
-
boot into single user, what's the result of "ls -l <file>"? what about lsof? how'bout "cp <file> <file>.copy"?
-redplanet(March the 1st);
2001-11-13
(#260412@0)
-
the file mode is 700, owner is root group is lp. I have try boot single. the same. the file is readable. I can copy it to anywhere. but I can not change the file itself (file status and content)
-lyh(千秋万代一统江湖);
2001-11-13
(#260427@0)
-
So what's the output of 'ls -ln /etc/rc.d/init.d/syslog'?
-dennis2(Dennis);
2001-11-13
(#260474@0)
-
btw, the best way to go get an Apple Macintosh, no one bothers to hack an Apple. or BSD.
-redplanet(March the 1st);
2001-11-13
(#260294@0)
-
Redhat is notorious for its security problems. You'll have to apply patches rigorously. A stock installation of Redhat will get hacked in about 2 weeks.If you really want to use Linux, try Debian. I just hate rpm.
Even better, try one of the BSDs.
-dennis2(Dennis);
2001-11-13
{98}
(#260220@0)
-
i use slackware since 1993. But redhat is much popular at this time. I still can not change or remove the file.
-lyh(千秋万代一统江湖);
2001-11-13
(#260355@0)
-
原来是老前辈了,93年我连Linux都没听说过,更别说Slackware了。
-dennis2(Dennis);
2001-11-13
(#260467@0)