LinuxQuestions.org
04-18-2011, 09:22 AM   #1
barnea10
LQ Newbie
 
Registered: Mar 2010
Posts: 12

Rep: Reputation: 0
removing symbolic links - directory


Hi,
I have a hacking attack on my server, where someone tried to implement shell and scripts. Also, in a directory he placed a symbolic link to my root.

I tried to remove it with rm directotyname, but it gave me:
> rm directotyname
rm: cannot remove directory `directotyname': Is a directory

How can I remove the symbolic link and make sure it will not happen again?

Thanks!
 
04-18-2011, 09:38 AM   #2
TB0ne
Guru

Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 13,803

Rep: Reputation: 2365
Quote:
Originally Posted by barnea10
Hi,
I have a hacking attack on my server, where someone tried to implement shell and scripts. Also, in a directory he placed a symbolic link to my root.

I tried to remove it with rm directotyname, but it gave me:
> rm directotyname
rm: cannot remove directory `directotyname': Is a directory

How can I remove the symbolic link and make sure it will not happen again?
Thanks!

You can read the man pages for rm and rmdir. Either type in "rm -fR <directory name>" or "rmdir <directory name>".

As far as making sure it won't happen again, there's no way for us to answer that, based on what you posted. You don't tell us the version/distro of Linux, the network environment, where the attack came from (or even provide proof there WAS an attack), and what you've done/tried so far. There are several threads on this site that deal with hardening a Linux system, as well as many general guides you can follow/find via Google.

Last edited by TB0ne; 04-18-2011 at 09:40 AM.
 
04-18-2011, 10:32 AM   #3
barnea10
LQ Newbie
 
Registered: Mar 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne
You can read the man pages for rm and rmdir. Either type in "rm -fR <directory name>" or "rmdir <directory name>".

As far as making sure it won't happen again, there's no way for us to answer that, based on what you posted. You don't tell us the version/distro of Linux, the network environment, where the attack came from (or even provide proof there WAS an attack), and what you've done/tried so far. There are several threads on this site that deal with hardening a Linux system, as well as many general guides you can follow/find via Google.

When I try to
rmdir directory
I get:
rmdir: directory: Directory not empty
 
04-18-2011, 12:24 PM   #4
TB0ne
Guru

Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 13,803

Rep: Reputation: 2365
Quote:
Originally Posted by barnea10
When I try to
rmdir directory
I get:
rmdir: directory: Directory not empty

Ok...what part of that is unclear? The directory is not empty...so EMPTY IT.

Either go into the directory, and remove the files, or AGAIN, read the man pages for rm and rmdir. As I told you in my first reply, "rm -fR <directory name>" will remove it.
 
04-18-2011, 03:18 PM   #5
barnea10
LQ Newbie
 
Registered: Mar 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne
Ok...what part of that is unclear? The directory is not empty...so EMPTY IT.

Either go into the directory, and remove the files, or AGAIN, read the man pages for rm and rmdir. As I told you in my first reply, "rm -fR <directory name>" will remove it.

Thanks for your patience...

The directory is acting as a symbolic link.
Will it be safe to strongly remove it?
Will it harm the server that pointed from it?
How can I empty it?
It doesn't contain anything; when I click it I see all my root server directories.
 
04-18-2011, 04:18 PM   #6
TB0ne
Guru

Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 13,803

Rep: Reputation: 2365
Quote:
Originally Posted by barnea10
Thanks for your patience...

The directory is acting as a symbolic link. Will it be safe to strongly remove it? Will it harm the server that pointed from it?
How can I empty it? It doesn't contain anything; when I click it I see all my root server directories.

Again, read the man pages for rm and rmdir. And if it's just a symbolic link, you'll just remove the link. However if you read the man pages for the ln command, it *MIGHT* hurt something, depending on how the link was made.

Once more, read the man pages. In my opinion, if you think your server has been compromised, your best course of action is:
  • Unplug it
  • Format the drives
  • Reinstall the OS
  • Reinstall any applications from scratch.
  • Reload ONLY application data from backups
  • Examine EVERYTHING after you're back online.
Doing a piecemeal 'recovery' is, 99% of the time, pointless. However you were compromised, the attacker still has that avenue available to them. Unless you identify what happened and how, you may as well not bother.
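
The "Is a directory" and "Directory not empty" errors quoted in this thread are what rm and rmdir report for a real directory, whereas plain rm on a symbolic link removes only the link, so it is worth checking what a name actually is before any recursive delete. The script below is an added example, not code from any poster: strip_slash, classify_path and remove_link_only are hypothetical helper names, the paths are constructed, and the mount-point check assumes the util-linux mountpoint tool is installed (it is skipped otherwise).

```shell
# Added example, not from the thread. All paths are constructed in a temp dir.
# Drop trailing slashes: "name/" makes the kernel resolve through a link.
strip_slash() {
    p=$1
    while [ "$p" != / ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# Print what NAME itself is: symlink, mountpoint, directory, file or missing.
classify_path() {
    n=$(strip_slash "$1")
    if [ -L "$n" ]; then                 # -L tests the name, never its target
        echo symlink
    elif [ ! -e "$n" ]; then
        echo missing
    elif [ ! -d "$n" ]; then
        echo file
    elif command -v mountpoint >/dev/null 2>&1 &&
         mountpoint -q -- "$n" 2>/dev/null; then
        echo mountpoint                  # e.g. a bind mount; needs umount, not rm
    else
        echo directory
    fi
}

# Unlink NAME only if it is a symbolic link; refuse everything else.
remove_link_only() {
    kind=$(classify_path "$1")
    if [ "$kind" != symlink ]; then
        echo "refusing: $1 is a $kind, not a symbolic link" >&2
        return 1
    fi
    n=$(strip_slash "$1")
    echo "unlinking $n -> $(readlink "$n")" >&2
    rm -- "$n"                           # no -r: the target is left untouched
}

demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/target" "$t/realdir" && touch "$t/target/keep"
    ln -s "$t/target" "$t/link"
    for x in link link/ realdir nothing; do
        printf '%-8s %s\n' "$x" "$(classify_path "$t/$x")"
    done
    remove_link_only "$t/link/"
    remove_link_only "$t/realdir" || echo "realdir left in place"
    rm -r -- "$t"
}
demo
```

A name reported as mountpoint or directory is deliberately left alone: deleting it recursively would delete whatever it exposes.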
 
  


All times are GMT -5. The time now is 03:15 AM.
