LinuxQuestions.org - cannot remove hacker's file

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - cannot remove hacker's file (https://www.linuxquestions.org/questions/linux-security-4/cannot-remove-hackers-file-6172/)

jupiter

09-03-2001 02:35 AM

cannot remove hacker's file

A hacker has modified some system files in /etc. I could not find the way to remove (or modify) this file.

I have tried rm -f <filename> with supervisor priviledge (login as root) and got back the msg : "operation not permitted".

Pls. kindly advise

trickykid

09-03-2001 07:52 AM

what are the permission levels on the files..? not sure if that will help or not, or can you change the permission levels then try to delete them.

jupiter

09-03-2001 09:53 AM

is the security level the same as file permission mode. If so, it is rwxr-xr-x i.e., root should be able to delete it.

if the security level is different from file permission mode, pls. advise how to check it.

unSpawn

09-03-2001 10:16 AM

If its got spaces you have to quote em to remove them.
rm -f "/path/to/file/file name "
OTOH, if its not in the spaces try
lsattr /path/to/file/filename
to see if the u(undeletable) and i(immutable) bits have been set. If so,
chattr -iu /path/to/file/filename
will remove them, check with lsattr, then try to remove.

*Note there quite possibly are backdoors or compromised services installed. Unless you can *100%* verify the system is ok, I suggest you save your *human readable userdata* only, and reinstall from scratch.

reader

09-14-2001 05:54 PM

(deleted) Excuse me

All times are GMT -5. The time now is 01:18 AM.