Is '/usr/bin/find' reliable if '/bin/ls' has been replaced?
I have a system running RH9 which appears to have been compromised. I believe /bin/ls has been replaced with a "customized" version to confound attempts at inspecting the system. I am using /usr/bin/find (which appears to have been left alone) in order to identify all files which have changed since the time of the compromise (I don't think the intruder was clever enough to hide the footprints he left in the modifcation times of the files). My concern is that, if find relies upon ls, its output may also be unreliable.
Thanks for your help!