Hello. I am running debian lenny on my system. I am not able to read a file as root user (with any command), even when read permission is enabled or to list or change ext3 file system attributes either.
What does this mean, file corruption?
# ls -l file
-rwxrwxrwx 1 <user> <group> 609834 dic 15 18:49 <file>
# file file
<file>: writable, executable, regular file, no read permission
# cat file
cat: <file>: Operation not permitted
#cp file .
cp: can not read <file>: Operation not permitted.
I know that other possibility could be that the write system call was modified by a malicious rootkit. I checked my system with rkhunter and I found this:
Checking for string 'hdparm' [ Warning ]
I searched for this and it seems like a false positive.
[11:12:20] Warning: Checking for possible rootkit strings [ Warning ]
[11:12:41] Checking for hidden files and directories [ Warning ]
[11:12:41] Warning: Hidden directory found: /dev/.udev
[11:12:41] Warning: Hidden directory found: /dev/.initramfs
These seems like false positives too.
Any hints of why I can not read this file?
Thanks in advance.