cannot remove hacker's file
A hacker has modified some system files in /etc. I could not find the way to remove (or modify) this file.
I have tried rm -f <filename> with supervisor priviledge (login as root) and got back the msg : "operation not permitted". Pls. kindly advise |
what are the permission levels on the files..? not sure if that will help or not, or can you change the permission levels then try to delete them.
|
is the security level the same as file permission mode. If so, it is rwxr-xr-x i.e., root should be able to delete it.
if the security level is different from file permission mode, pls. advise how to check it. |
If its got spaces you have to quote em to remove them.
rm -f "/path/to/file/file name " OTOH, if its not in the spaces try lsattr /path/to/file/filename to see if the u(undeletable) and i(immutable) bits have been set. If so, chattr -iu /path/to/file/filename will remove them, check with lsattr, then try to remove. *Note there quite possibly are backdoors or compromised services installed. Unless you can *100%* verify the system is ok, I suggest you save your *human readable userdata* only, and reinstall from scratch. |
(deleted) Excuse me
|
All times are GMT -5. The time now is 01:18 AM. |